Analysis
max time kernel: 149s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/08/2024, 19:55
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://extensions.chatgptextension.ai
Resource: win10v2004-20240802-en

General
Target: http://extensions.chatgptextension.ai

Malware Config

Signatures
Drops file in System32 directory (2 IoCs)
- File created: C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF (chrome.exe)
- File created: \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF (chrome.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673613353477635" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
- pid 4436 chrome.exe (2 entries)
- pid 1028 chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- pid 4436 chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, pid 4436 chrome.exe
- Token: SeCreatePagefilePrivilege, pid 4436 chrome.exe
(the two tokens alternate for all 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
- pid 4436 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- pid 4436 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4436 chrome.exe wrote to memory of 4980 (procid_target 83), repeated
- PID 4436 chrome.exe wrote to memory of 4688 (procid_target 84), repeated
- PID 4436 chrome.exe wrote to memory of 3160 (procid_target 85), repeated
- PID 4436 chrome.exe wrote to memory of 3052 (procid_target 86), repeated
Processes
- PID 4436 (level 1): C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://extensions.chatgptextension.ai
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 4980 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffbc4fcc40,0x7fffbc4fcc4c,0x7fffbc4fcc58
  - PID 4688 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  - PID 3160 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  - PID 3052 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  - PID 920 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
  - PID 1172 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3092 /prefetch:1
  - PID 4040 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4404 /prefetch:1
  - PID 212 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3376,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:8
  - PID 1028 (level 2): C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4740,i,628146213053410107,6655446203018490000,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
- PID 3200 (level 1): C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- PID 1852 (level 1): C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads