Analysis
max time kernel: 28s
max time network: 71s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 08-08-2024 15:52
Static task: static1
Behavioral task: behavioral1 (sample: view.html, resource: win7-20240705-en)
Behavioral task: behavioral2 (sample: view.html, resource: win10v2004-20240802-en)
General
Target: view.html
Size: 85KB
MD5: 132264de5017372a8b085fed0e3c2da9
SHA1: 2e594d4e506533edc3312bc52581dc99d4d72f17
SHA256: 47b5af7d074d1351f8f0c297ee055eaa6b2f24ad1586d586fce00d7d5d0e559c
SHA512: 1585b9f902228afadbee672523b23e305ea19af1dfc4d6918a1d5b1e2661e4c142c0c074aed4a2539109071a8f9c45262b1000d8b6fd621ad1516a6b88faf51c
SSDEEP: 1536:JdQ3OdbtbaQBWSR5s0pg/A0opwC5HcUW1+1w0:vzbZs6uA0A8O
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
flow | ioc
15 | drive.google.com
16 | drive.google.com

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2164 | chrome.exe
2164 | chrome.exe

Suspicious use of AdjustPrivilegeToken (54 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2164 | chrome.exe
(the same row is reported for every IoC in this group)
Suspicious use of FindShellTrayWindow (50 IoCs)
pid | Process
2164 | chrome.exe
(the same row is reported for every IoC in this group)

Suspicious use of SendNotifyMessage (48 IoCs)
pid | Process
2164 | chrome.exe
(the same row is reported for every IoC in this group)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2164 wrote to memory of 1320 | 2164 | chrome.exe | 31
PID 2164 wrote to memory of 2784 | 2164 | chrome.exe | 33
PID 2164 wrote to memory of 2948 | 2164 | chrome.exe | 34
PID 2164 wrote to memory of 2688 | 2164 | chrome.exe | 35
(each row above is reported repeatedly; the 64 IoCs are these four distinct target PIDs with identical rows collapsed)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2164, tree level 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes (tree level 2):
  - chrome.exe (PID 1320): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7ff9758,0x7fef7ff9768,0x7fef7ff9778
  - chrome.exe (PID 2784): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:2
  - chrome.exe (PID 2948): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:8
  - chrome.exe (PID 2688): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:8
  - chrome.exe (PID 2588): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1944 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 2156): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1724 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 2276): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2844 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:2
  - chrome.exe (PID 1604): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 828): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3472 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 292): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:8
  - chrome.exe (PID 1248): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4092 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 2792): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4016 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:1
  - chrome.exe (PID 2128): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1272,i,8123366137733309133,15397116397108766963,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2720, tree level 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 155KB
  MD5: 098e0f571b1ecff80f7fa7374d67747d
  SHA1: 9d42d15540a2a4dde3579b8a668e7d65386ea8b7
  SHA256: 50f8aa83b67c6e49a2b65637d50714e4a993bf6b621e07fbd7875a293bd678bf
  SHA512: 849a5ee8185a7e53127b17eea7b0d879d068053dc4fdda83945bfe12b2ed2717014f123e1556f8d0b9fe4235a03703e4a64f5c1e7bcc3fbd53002bc07145ab48

- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

- Filesize: 5KB
  MD5: 7460aeb66a54d170763fdca3c7064441
  SHA1: 36880356d8a10d87bcd87b909ea9d5135714e474
  SHA256: 785b8e0850867498f0648557b32284c47d67fb9b0d77a54afda96b7f4a30b9f8
  SHA512: 3bbf6b017558b378afd96d2f33c9892c006f14faab3f615ce3882120b2a769d2e580399b4dc20fb6381651bd0799b2075e8e953200f70ce18ec713615cced34a

- Filesize: 5KB
  MD5: 5a666aa96879ab0a541f397212185c84
  SHA1: b3a7a26058d9e2f167965203915c71ce05cb2faa
  SHA256: c618436812e08c7eafa2e42cbdf95fe5fc639069ce3098f16c9cf7cc6b946cab
  SHA512: a4f2fc7554b3dd2df5278b129848e69bce5232bfaf7361cb6d8b77034ebd52c41bbbf73ad07d0c56f1778a6181df7f4836e44c8b2e1a85a04fc2652175ccd686

- Filesize: 5KB
  MD5: be27206c0267496e702dacf28bc1da5b
  SHA1: 3b9875bc69ce5f063d3fbe6dd477c5c718e109b8
  SHA256: 33fc8761d2af739146c001ae8ec292216618edf11b9f4949b055b1bd98003c5d
  SHA512: a311e21b7afe6ebbaab03db7234dd8fc8c300b2ab6622c46296651b496cfa4df451dd50f0799148515f7292d9c1fb5566e31098a99dfb783a5582928b269c4c5

- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

- Filesize: 155KB
  MD5: e3631a40e4f0e9c633b5f9693cc20400
  SHA1: 82e2f31aa159d7aea611e9eb93989e8230bb0bdc
  SHA256: efe0ea2e8e8e8f5903476197bfff4d2d3ae717ed4d0df4ceeb7fd3fe3ed5474b
  SHA512: 7585499f6c54ec5ea193388c1cd4b8be64f9ffb817f02889cdee49a54202591c3f6848730ae728ce690c1123cc53926f998e8e9d161f63c86093af10b9fdd3cd

- Filesize: 155KB
  MD5: 791bc25df366939eef2eb9848b33f38c
  SHA1: a893a7dedd796a2d9d749f4059c28469dc8c5be4
  SHA256: 0283ad7fe5ec7cad583bfc9a679f76ca524a21e6fbd4c567a5c57702e9640d0c
  SHA512: ba30a6bc2e608b397f6bacfadd950d2162648c08df443afdf8278dcf58014c16b00e1e090ad5f92f26f72520f266ed6f416607c0f9b642aa9fdacf2e581c701f