50c3e40c19a5a61cffd885b590d961bc8be69412c772ddbb14d6bd3328281949

Analysis

max time kernel
28s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup-924971.html
Size

31KB
MD5

66beafd8a01b95b56969ad330ff5c9aa
SHA1

ef5b3ce2bc1fcc9909f071a796bee5f862a69172
SHA256

50c3e40c19a5a61cffd885b590d961bc8be69412c772ddbb14d6bd3328281949
SHA512

375b5829d8d8d4c69f8582e7e4bb9a9baaef810a771c214971d00adfd52d838c5ea9c1f251ef13b43c5bc141022765aaa590822e9ef3e19ee9180a30d26e274a
SSDEEP

384:+kSuhDEnNWjLcc2ue9yHUqDDUTbV6dqReyjTDXTKeaDQmGEFl8R07bZ+hNQud7yB:SD+a15RMiKte/Oig/Z2EZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 3292	4636	chrome.exe	84
PID 4636 wrote to memory of 3292	4636	chrome.exe	84
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 1932	4636	chrome.exe	85
PID 4636 wrote to memory of 4988	4636	chrome.exe	86
PID 4636 wrote to memory of 4988	4636	chrome.exe	86
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87
PID 4636 wrote to memory of 2056	4636	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Setup-924971.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa23a8cc40,0x7ffa23a8cc4c,0x7ffa23a8cc58
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,6138969782563694098,13362585235684032861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,6138969782563694098,13362585235684032861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2140,i,6138969782563694098,13362585235684032861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6138969782563694098,13362585235684032861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,6138969782563694098,13362585235684032861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4204

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d3c5ccb1aafe68f6e3cfc77524ef4dc0

SHA1
782ea6848790c2c4504a8cc63926b88de5f93a11

SHA256
5f2df2082940ed5a97589fde489369f0fe5d6b191a16d8b2c44364659b8bbfec

SHA512
f388c9324e715bee6548206b70e10ece29bd519f43512de1ebe7350057e5daa4f846477bdc110db6b17f95cb57bda6e7e7689176a2807ac299d489cca48257b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e8eae8502f34aef23763d37c7dbde0bd

SHA1
3ce8249912eb530f09ac7cb650e815737d982c19

SHA256
e4b71e59dcfa64ea68b8d085dc29470c55f71f34d8362c18dd47f57712beb068

SHA512
5f1ae4ef75826cf01bab417fdfb66c34699d894e7b92e96b3faf8b62acace71d134788173bce29ba6ece4ccb26183d6b994399d4fe212ba59447d54d3312df3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7ae2055fef5fa665d0d26268959061fe

SHA1
2c3262d2ce35cc5c497b68c6138af8083d053353

SHA256
d5122e8ad8ef282d0a23112daf87002c13fff507c45fe747940870ae98f5b5aa

SHA512
c5cb88a0d07303cac45e5356b11d440d2dc7ab4946cba60aaf7b2d0598d4f034dedb29bd7135b402a7b8b3d5d0acb12c2717ce8dd6482614c27404494c4fcb20

Download Submit
\??\pipe\crashpad_4636_TMKMRVEOHIMFOZSL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit