Analysis
- max time kernel: 30s
- max time network: 22s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-08-2024 16:14
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678665104087084" | chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: chrome.exe
pid | process
3684 | chrome.exe
3684 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes: chrome.exe
pid | process
3684 | chrome.exe
3684 | chrome.exe
3684 | chrome.exe
3684 | chrome.exe
Suspicious use of AdjustPrivilegeToken 58 IoCs
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 3684 | chrome.exe
Token: SeCreatePagefilePrivilege | 3684 | chrome.exe
(the 58 reported IoCs alternate between these two rows)
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process
3684 | chrome.exe
(all 26 reported IoCs are this same row)
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
3684 | chrome.exe
(all 24 reported IoCs are this same row)
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
description | pid | process | target process
PID 3684 wrote to memory of 2768 | 3684 | chrome.exe | chrome.exe
PID 3684 wrote to memory of 3988 | 3684 | chrome.exe | chrome.exe
PID 3684 wrote to memory of 1604 | 3684 | chrome.exe | chrome.exe
PID 3684 wrote to memory of 1128 | 3684 | chrome.exe | chrome.exe
(the 64 reported IoCs repeat these four distinct rows, in this order)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3684)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/dR-SIA
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 2768): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3793cc40,0x7fff3793cc4c,0x7fff3793cc58
  - chrome.exe (PID 3988): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  - chrome.exe (PID 1604): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  - chrome.exe (PID 1128): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  - chrome.exe (PID 3960): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  - chrome.exe (PID 1044): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  - chrome.exe (PID 2432): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:1
  - chrome.exe (PID 1560): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  - chrome.exe (PID 1796): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,5840084747758022114,8841573028769680524,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4860)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 400)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads