Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 00:48

General

  • Target

    https://havilaremodelling.com/policy

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://havilaremodelling.com/policy
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6c7ccc40,0x7ffc6c7ccc4c,0x7ffc6c7ccc58
      2⤵
      PID:2208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
      2⤵
      PID:508
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:3
      2⤵
      PID:4920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1736,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8
      2⤵
      PID:3364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
      2⤵
      PID:412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
      2⤵
      PID:2996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:1
      2⤵
      PID:5016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4488,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
      2⤵
      PID:2456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3216,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
      2⤵
      PID:5024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5084,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
      2⤵
      PID:2600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1
      2⤵
      PID:3408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4628,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=728 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4120
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1516
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4fe7c47b-78b8-462d-b5b7-190c5ed2c309.tmp
    Filesize: 9KB
    MD5: 6aa3a1ba83543837476a85a74d12e475
    SHA1: 8d440e2ec9f8c2aea4e9381f36cdcd3227db4d27
    SHA256: 81e2af62c8472f6fbcabf6595aabec5f10b914151def0f6fc2974a3c92944c04
    SHA512: 56daa5799ed72258934ff24bce21bc7fefbe97ed1e8fc5404025878eeaeb46f67d613a35f0c78bd21e6c20d49f8c029f99d2e70a59695b97714cd8b6ea944ea1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: b58193511492a7c09c0a88038fb784b9
    SHA1: c087f5a644573f2d27dce7cc5c6095ec5652c334
    SHA256: cfe8ba2ad7ec4bdefed3e33cc33bce40e55e9a313ffb264edfcfd4c26acf8136
    SHA512: 82a2dab5e6d71db089d70149c6b48aff8e928c3cdcd68a9958a377890d2585625ecdebfe3d13c073e936363d7a081acf0cd6e5dc4cd2cd7020edd818ab47b74d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 360B
    MD5: 3804f58a973427ce374ba5a89429c5a7
    SHA1: 22f0c1c68d17741a8612b0602f581a3d61a30745
    SHA256: 31b01a6979480ca362ab7854fbd93615d5a5d4913d36232bb57ff26149ef2498
    SHA512: 7d434117228bde9d590f31c3dfbb37b9e1085aa0852f270dcb27dc71d5ec1e44e3693e43a17cdccf763f64833dec7e3056c15080e740088f26c05c89808e92cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 4KB
    MD5: 5ddc05a0dc02e9235ea2a6173f4eebee
    SHA1: 02779e50b6842ca6508ee4c16db89c0a8c7dbe3b
    SHA256: 664fcd526da62b8f3c34ddc7e06b45b8db74f47c5a1f6ea2b81ae8ddb39247f1
    SHA512: f9516ddea4528c7c13fd895fbce45a8e6a224fdfdb38c8ee04b2f4c7919c5c6d03e0d41fbf09cfc296e59256c688e8c2775cab952fa130791ddc03716c360433

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 43d2d35ef4741c55b61242534263e843
    SHA1: bf20f040f5168ec30b66421e210554dce55ea4f8
    SHA256: 3a3308123bfa53cfe6f7f3807f38aefb06f7ca46fbea899d185df31e96f475ef
    SHA512: c3925b5aff9429e5ce2120576a4f0630c434bb91d45043f8f7ad217e8817a6394d19873a075ffaa964069d2da2b970f56c36def80cfddd95bd0a3943959245f0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 8088b3be95ea654bb722194550d0196d
    SHA1: a40f957035c98d36d842054a086f731829f793eb
    SHA256: 80c5633b68a4cf874f5f6e011b9601e2426eb3d02b4a4fe21bc6a0ef666c92df
    SHA512: 897917fc62d8c78062fbf6bc2bb29190abedeac08745dcef79b9e3508c536e6977cd5c1c75eb7d539ec8e9aa8a36911f5983dd55aef5fd80dfab8ea46880460b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 5ce77d151f35f3ea4697b2b0eec1eb6d
    SHA1: 4b3e99308a8c7e8c3e209da6d9d34e01659724d7
    SHA256: 780aacb1164ba15f31213ee20c427d00f31226cb84bceaec875d20864ea8f747
    SHA512: eb3c30dcfc96b61c82bcd97f9701a84bfc1a5054248e9c1bd6868e2ff4805f5c0f5d81377c4aed3ffacddadc4d95358cef7e79f6244d783527de9a4272979501

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: ff5caba1acce4386cff3895dd7ddd260
    SHA1: 87f63aa95bb541f531a99c86593a024418514680
    SHA256: 653ef871a4e1c65a2aeb53677df2fa2bacf4fbfe64c4d8c9e3e68a8516ff1d9b
    SHA512: 753f88b4cf2e6f4adf51c5bb3534c506ff0b711428dc1dab84840af18d21bde2502aa33ac9a6223144d8f7f5020039b60d634cab4aacf6802f80585b0bb2e76d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 74322d6bcf58c07eff1d1f3232cb00db
    SHA1: 1ebfdca1d79f858cc3649c06b3c6fb116c7e4729
    SHA256: ab0bcc394b7321ea7abc53aff0f96d3a6df76759c72ca4a7932bbd6a2644ecf9
    SHA512: b4c496817cf5c939c3cfc2b27848059869bf61e4bdd5c994c78361839495e8effc08c093ca2cc48edd8c647023e657c719ea304d96a7c1fe76dcf0279baef93c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 9ad650f1b7df867bc7ef3fa1bd4ea86c
    SHA1: 0d05f03541b53fa1df67215b702bd71888462fa8
    SHA256: 23c3738791014367713176628541eb8abed1ae8569bfeaceeee6f61c7a2fbf09
    SHA512: 2ac196bca98798de26105f0622d3cc0c7a2713092547e5158530775cbee05c92c30eb15d20987a53bf2bb7aed37229a913a912147409ee0160d67bf4810fca99

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: a7f249706c6507ed14671bb025c53255
    SHA1: 6b278657d98a75063a64efc68676b3b2c6980f72
    SHA256: f641b5cf307dc2158a0228192149fbb5baf75abd2337f05add438943adb8e8e2
    SHA512: 28d5039f7494bd96e33a6c07f5c27de78ed746bdab4565d45ed5df6ac41763da1fa7a2ec150d25d49c862e287940d09011112e6ee0c86a5b02c26e6d7304d448

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 7629d83741c78e835c3a0363a6761aa5
    SHA1: 31311e9b48a9958bb5b5c3627f7b17d193d47af6
    SHA256: 63594b8a15e2188f40f686ff816a93ccf6ab80685cf6eeec5ca58b06ba560d57
    SHA512: d2fd77901ad043c72aaafc08d182f0f7b7fa845d636e92978db33883f9e88fb96702994362944efa1cf6a47dbfaa6d38b0057f1688e7e6e1593b02608dbe1475

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: a3796ff065724f74e5e8d5b2c0796f5f
    SHA1: 0211a9c9d72d30aaa454ffd184d079f6cb824cc1
    SHA256: 465de1365eaffa02d29a16d428b8793df3cb6a055ab022c97effa6a5ce9d851e
    SHA512: 6edec757dedf42d75b0951665bff5d63fe03be8d4866611228b051a36b335c2ec675a9bf86fbd71c0eb8127af807923be69fe37be79a195d986a00b28dd2c4b4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: b8c13680e8070aa3e3a75f201f305dce
    SHA1: e56c1effef7910bb35a81b518a40aa1ff1a1d2cf
    SHA256: 330447553e69a0297bd3780d835d66cc5e6035a003600e5bdc996db76053471e
    SHA512: f10ff5b9c5634f8736b6954daacbd4f590abb5ab4dccd321865048ff3f295c8419e5a4af23e5e60283fff7d54a4ca2b974c62274191cb79a95e1168d59b6c3b9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 99KB
    MD5: 2177b5d66f83ac87851c8ede65f5eb03
    SHA1: 29624bb56ba87e150c765fe55e817f78c9fcf16b
    SHA256: 316bb71769127dc7ed910ce20ddcababff658745f7cbd85426b8b675eefc4aa3
    SHA512: d2bcbc09d720d5e7f66a45ca072e3ac377b7625c09a01224bbf841ec8b994247c34171a421a09c81f518ee71610f05a408e3e5147c2d3a8fea8723bc2c2ef1ab

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 99KB
    MD5: 58272206169bfa616097fc4b49754f76
    SHA1: f51e857569c6238d4b2a75dec9ab85b8e0deae07
    SHA256: 3900e603915ac62bf0537758f4702f37080b8310091807b315f2095cefe34d58
    SHA512: a8335528f29edf8282ed1e1bfd11c0e1de8820758dc3c19bcb81b2d1e63f755ce25f200924d73716b5184df20aab0006be880fba7d5041ae7bdf7322ff3cd6e9