Analysis

max time kernel: 259s
max time network: 204s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-08-2024 06:05
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                      | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                        | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680891782010236" | chrome.exe
  Note: S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE, so the write lands in that account's hive rather than the logged-on user's; the TraceTimeLast value is a Windows FILETIME (100 ns intervals since 1601-01-01 UTC).
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  | process
  3408 | chrome.exe   (2 rows)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid  | process
  3408 | chrome.exe   (4 rows)
Suspicious use of AdjustPrivilegeToken (34 IoCs)
  description                      | pid  | process
  Token: SeShutdownPrivilege       | 3408 | chrome.exe   (17 rows)
  Token: SeCreatePagefilePrivilege | 3408 | chrome.exe   (17 rows)
Suspicious use of FindShellTrayWindow (27 IoCs)
  pid  | process
  3408 | chrome.exe   (27 rows)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | process
  3408 | chrome.exe   (24 rows)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | process    | procid_target | rows
  PID 3408 wrote to memory of 2408 | 3408 | chrome.exe | 84            | 2
  PID 3408 wrote to memory of 3672 | 3408 | chrome.exe | 85            | 30
  PID 3408 wrote to memory of 2804 | 3408 | chrome.exe | 86            | 2
  PID 3408 wrote to memory of 3952 | 3408 | chrome.exe | 87            | 30
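The TraceTimeLast value recorded under the HKEY_USERS signature is a Windows FILETIME, a 64-bit count of 100-nanosecond intervals since 1601-01-01 UTC. The script below is an added example, not part of the sandbox report: it decodes that value and checks it against the report's "submitted" time. The only assumption is that the submission time shown at the top of the report is in UTC.

```python
"""Decode the TPM telemetry TraceTimeLast FILETIME from the report.

Added example, not part of the sandbox report. TRACE_TIME_LAST is the value
transcribed from the "Modifies data under HKEY_USERS" table.
"""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Seconds between the FILETIME epoch (1601-01-01) and the Unix epoch (1970-01-01).
EPOCH_DELTA_SECONDS = 11_644_473_600

# Registry value from the report: TraceTimeLast = "133680891782010236".
TRACE_TIME_LAST = 133680891782010236

# Assumption: the report's "submitted 14-08-2024 06:05" is a UTC timestamp.
SUBMITTED = datetime(2024, 8, 14, 6, 5, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME (100 ns ticks since 1601-01-01) to an aware UTC datetime."""
    if not 0 <= ft < 2**64:
        raise ValueError("FILETIME must be an unsigned 64-bit integer")
    # timedelta resolves to microseconds, so the last tick digit is dropped.
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def filetime_to_unix(ft: int) -> float:
    """Same conversion expressed as Unix seconds (fractional)."""
    return ft / 10_000_000 - EPOCH_DELTA_SECONDS


def corroborates(ft: int, reference: datetime, tolerance: timedelta) -> bool:
    """True if the decoded FILETIME lies within `tolerance` of `reference`.

    Useful as a sanity check that a registry timestamp was written during the
    analysis run rather than inherited from the sandbox image.
    """
    return abs(filetime_to_datetime(ft) - reference) <= tolerance


if __name__ == "__main__":
    when = filetime_to_datetime(TRACE_TIME_LAST)
    print("TraceTimeLast:", when.isoformat(), "| unix:", round(filetime_to_unix(TRACE_TIME_LAST)))
    print("written during this run:", corroborates(TRACE_TIME_LAST, SUBMITTED, timedelta(minutes=5)))
```

Decoded, the value is 2024-08-14 06:06:18 UTC, about a minute after the reported submission time, so the key was written during this run and not inherited from the image.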
Processes
[1] marks a top-level process, [2] a child of the preceding [1] process.

[1] PID 3408  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://aka.ms/AAb9ysg
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  [2] PID 2408  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffafe84cc40,0x7ffafe84cc4c,0x7ffafe84cc58
  [2] PID 3672  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
  [2] PID 2804  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:3
  [2] PID 3952  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2368 /prefetch:8
  [2] PID 4972  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  [2] PID 4952  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  [2] PID 4440  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4040 /prefetch:1
  [2] PID 3088  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:8
  [2] PID 2636  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4860,i,9711176155727789588,2144300922454567211,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:1
[1] PID 1272  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
[1] PID 2708  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
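The WriteProcessMemory signature and the process tree can be checked against each other: each target PID in the 64-row table should resolve to a chrome.exe child that PID 3408 itself launched, which is how Chrome's browser process sets up its child processes. The script below is an added example, not part of the sandbox report. Its PROCESSES and WRITES data are transcribed from the two tables above, with command lines abridged to the flags the check needs; the sandbox test relies on Chromium's `--service-sandbox-type=none` flag, which launches a service process without a sandbox.

```python
"""Cross-check the report's process tree against its WriteProcessMemory IoCs.

Added example, not part of the sandbox report. PROCESSES and WRITES are
transcribed from the report's tables; command lines are abridged to the
flags this check needs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (depth, pid, image, command line). depth 1 = top-level process,
# depth 2 = child of the most recent depth-1 process (the report's tree layout).
PROCESSES: List[Tuple[int, int, str, str]] = [
    (1, 3408, "chrome.exe", "chrome.exe --disable-background-networking --single-argument http://aka.ms/AAb9ysg"),
    (2, 2408, "chrome.exe", "chrome.exe --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (2, 3672, "chrome.exe", "chrome.exe --type=gpu-process"),
    (2, 2804, "chrome.exe", "chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 3952, "chrome.exe", "chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (2, 4972, "chrome.exe", "chrome.exe --type=renderer --renderer-client-id=6"),
    (2, 4952, "chrome.exe", "chrome.exe --type=renderer --renderer-client-id=5"),
    (2, 4440, "chrome.exe", "chrome.exe --type=renderer --renderer-client-id=7"),
    (2, 3088, "chrome.exe", "chrome.exe --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (2, 2636, "chrome.exe", "chrome.exe --type=renderer --renderer-client-id=9"),
    (1, 1272, "elevation_service.exe", "elevation_service.exe"),
    (1, 2708, "svchost.exe", "svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# (writer pid, target pid) -> row count, collapsed from the 64-row signature table.
WRITES: Dict[Tuple[int, int], int] = {
    (3408, 2408): 2, (3408, 3672): 30, (3408, 2804): 2, (3408, 3952): 30,
}


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    role: str
    sandboxed: bool


def role_of(image: str, cmdline: str) -> str:
    """Chrome role from --type / --utility-sub-type; other images keep their name."""
    if image != "chrome.exe":
        return image
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return "browser"  # no --type flag: this is the main browser process
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}:{sub.group(1)}" if sub else t.group(1)


def build_tree(entries) -> Dict[int, Proc]:
    """Turn the depth-annotated process list into a pid -> Proc map with parents."""
    tree: Dict[int, Proc] = {}
    last_root: Optional[int] = None
    for depth, pid, image, cmd in entries:
        if depth == 1:
            last_root, parent = pid, None
        else:
            parent = last_root
        # Chromium launches a service process without a sandbox when its
        # command line carries --service-sandbox-type=none.
        sandboxed = "--service-sandbox-type=none" not in cmd
        tree[pid] = Proc(pid, image, parent, role_of(image, cmd), sandboxed)
    return tree


def check_writes(tree: Dict[int, Proc], writes) -> List[dict]:
    """One finding per distinct (writer, target): is the target the writer's own child?"""
    findings = []
    for (writer, target), n in sorted(writes.items()):
        proc = tree.get(target)
        findings.append({
            "writer": writer,
            "target": target,
            "writes": n,
            "role": proc.role if proc else "unknown (not in process list)",
            "own_child": proc is not None and proc.parent == writer,
            "same_image": proc is not None and proc.image == tree[writer].image,
        })
    return findings


def unsandboxed_children(tree: Dict[int, Proc], parent: int) -> List[int]:
    """Children of `parent` that run with the sandbox disabled."""
    return sorted(p.pid for p in tree.values() if p.parent == parent and not p.sandboxed)


if __name__ == "__main__":
    tree = build_tree(PROCESSES)
    for f in check_writes(tree, WRITES):
        verdict = "ok" if f["own_child"] and f["same_image"] else "REVIEW"
        print(f"{verdict:6} {f['writer']} -> {f['target']:5} {f['role']} (x{f['writes']})")
    print("unsandboxed children of 3408:", unsandboxed_children(tree, 3408))
```

A target that is not the writer's own child, or not the same image, is printed as REVIEW; here all four targets (crashpad handler, GPU process, network service, storage service) come back ok, and the two children running without a sandbox are the network service (2804) and the ProcessorMetrics utility (3088). The signature table stops at exactly 64 rows and only reaches the first four children, so the renderer PIDs being absent from it is a limit of the listing, not evidence that they were never written to.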
Network
MITRE ATT&CK Enterprise v15
Downloads
(The report lists hashes only; no filenames are given.)

File 1 (649B)
  MD5     ac03c66edbe2bdfdda950c40c5678768
  SHA1    eafd3b7a4973cc286d955ae27a80612847b0c230
  SHA256  9e1522ca11b7cb7b0ba20db6f09af0456642e8c69a3b30d566b9eb76d4dd8580
  SHA512  f0fdc0ba7fd1171ac970f353d2a84dde7a5100f4c8791e22a7587da07cf05a0d4d010b8b156e87307364fc06772d305872f093dab3e1a572db11ea9648d405e0

File 2 (209KB)
  MD5     3e552d017d45f8fd93b94cfc86f842f2
  SHA1    dbeebe83854328e2575ff67259e3fb6704b17a47
  SHA256  27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
  SHA512  e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

File 3 (528B)
  MD5     3474263ef8e398dcef2a297d703074d4
  SHA1    ced46e767e24ff9bf59651e8e05a16cf06dd957a
  SHA256  6a334ee634f7f59ccdb30a0ac20b38d769dbac13fec6043d2273b7e02636e257
  SHA512  05ac46df5bac51c97999c08733433e50a660f06e407217c5c5f16702ffcb3413daf0d7422a7695a42a77c747cc069b8fb21232608cd4b801a4823c699c98121a

File 4 (264KB)
  MD5     f50f89a0a91564d0b8a211f8921aa7de
  SHA1    112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

File 5 (4KB)
  MD5     16a5ee94cba2949fc4d2764b62d7d843
  SHA1    54e9ce715055051a4e108e4532bba6abff46dcd9
  SHA256  d0be8efd27dfc3cb33318d26ff87c322f17e2982c49501358ff2ebe0cd4c9b81
  SHA512  46d190fa41b50d27dd59dae52f5fdfd3f490779d2479f6001fa19d3cdbd960af4daf8508e46ff2c1348827a56d4856dd565eb924e3cca0b30c6cf37fd1756b48

File 6 (2B)
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  Note: these are the digests of the two-byte string "[]" (an empty JSON array).

File 7 (1KB)
  MD5     6384892e7de2849a06bf9b5c5aced599
  SHA1    6bd33524934fc0f20fcaaaf8de43c1a14df40cb7
  SHA256  714268e9b4bfb626f652e7980cd6107b679240aba9b19d079bf3617ca1b71452
  SHA512  1efebd917eb011136525cf5c0cc2c157e403f86c93aba1057c38d955bef92db129bdaef095adb36b5874bced7680dab274e932a1e18ba61efdb2445ea5daaf1e

File 8 (859B)
  MD5     4a8160b5368759da69c456c109b3fe17
  SHA1    aeaab451eff403fc1c258d2eaa4160a3116902fe
  SHA256  71449795539253b55856c3aee2102ec5cdaf36142e6e43ddb95dc25193ecc6c0
  SHA512  1ed5b5cd657438caaa83f0c9ae1a0824db50fc9fde89f9a53b0afd07164a9e04255b99e73a7d281b67ec6bd41863afa64225a6130422b2621fdad37608b7572d

File 9 (9KB)
  MD5     7326fa2c297438b6cce225aacdbf5d14
  SHA1    716339d8a0a07cdf8281476012448d98fc8634df
  SHA256  aa395a470d4dab482b73cb84173e02c2145ae3562bd6319f435b2efea6f07348
  SHA512  69ed9299762748610e5065413cbdf51e049795ac7be85a54cc0e0aa555f3aafed71f075902a1ec9eec0254ce04d7eb8deb9c247089b43fc05c81365158fd47a7

File 10 (9KB)
  MD5     d5fc79bdcaf0c231775da57a095e3aab
  SHA1    0d3432606b9b9c324da1c910e4b0b9fa46c7883e
  SHA256  15d0886f8fa641745e8461e277d79a7960b829ed1d705839bef4ff21079461c3
  SHA512  cb1e881a8531b99cbf0a4bd0e5753019be8c57a5eedbee87406f525dda308e3451ca8c07e4e725e8df40d0dd8f68c063c051f536d7f50bed9a2f52b34b3b1fd7

File 11 (99KB)
  MD5     e40b07bd80c0f1f3d5f5d4cd89e35d4d
  SHA1    d75e9d2329327ab956786494b9f61af612542ccf
  SHA256  eb11d4a6700ba7f64b07354837a12c48739c09fd29d7a89767b992173b207a56
  SHA512  11fff0778a41c6141c545072c15295c8b5f360aa90f45bd828c42fd5c3aa26b974ee2911fe79101aae5fb64144381918715ff944608455a4b95bbbfcd159969d

File 12 (99KB)
  MD5     84f22814cc201565911fbdee4acab0a6
  SHA1    c0de65ec8ca59a86f74f552bfe9bd41071546f67
  SHA256  88c2cdc03f0b63f426e5cf42a9f33411381eb16bfd954da91a9a615acbb2aee6
  SHA512  f9a4a06f6c030f46a3ae8bd6cda4512a3cc25a4476b405772436b0bcffd8018513145596e8f398fc81748b5bbc9adc221b137fd9036d67c7c027f4377ced0ec3