Analysis

  • max time kernel
    1799s
  • max time network
    1688s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    17/08/2024, 13:39

General

  • Target

    http://google.com

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
    PID:524 (depth 1)
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe88119758,0x7ffe88119768,0x7ffe88119778
      PID:2524 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:2
      PID:952 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8
      PID:4292 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8
      PID:2628 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2648 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:1
      PID:1092 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2656 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:1
      PID:3004 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:1
      PID:3832 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8
      PID:4580 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8
      PID:1644 (depth 2, child of PID 524)

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:2
      PID:4184 (depth 2, child of PID 524)
      • Suspicious behavior: EnumeratesProcesses

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3648 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:1
      PID:1388 (depth 2, child of PID 524)

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:4584 (depth 1)
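The process tree above is what a normal Chrome launch looks like in a sandbox: one browser process and a fan of `--type=` children, some of which run with `--service-sandbox-type=none` or `--disable-gpu-sandbox`. The script below is an added example, not part of the report or of any sandbox tool: it tokenises Windows command lines copied from the tree (a representative subset), classifies each process by role and by the sandbox state its own switches declare, and checks that all children belong to one browser session. Parent PIDs are an assumption derived from the nesting depth the report shows (every depth-2 process under PID 524); the report does not print them.

```python
"""Classify the Chrome process tree from a sandbox report by role and
sandbox state.  Added example; the command lines are copied from the
report, the parsing and classification are this example's own."""
import re

# (pid, parent pid, command line).  A representative subset of the tree
# above.  The report prints only a nesting depth, so the parent PID is an
# assumption derived from that tree: every depth-2 process hangs off the
# browser process (PID 524); parents of top-level processes are unknown.
PROCESSES = [
    (524, None, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com'''),
    (2524, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe88119758,0x7ffe88119768,0x7ffe88119778'''),
    (952, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:2'''),
    (4292, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8'''),
    (2628, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8'''),
    (1092, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2648 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:1'''),
    (4580, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8'''),
    (1644, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:8'''),
    (4184, 524, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 --field-trial-handle=1844,i,3567361626460346912,11561304861512919548,131072 /prefetch:2'''),
    (4584, None, r'''"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'''),
]

# One token is a run of quoted spans and unquoted characters, so a quoted
# value containing spaces stays attached to its switch.  Backslash escapes
# are not handled; the report's command lines do not use them.
_TOKEN = re.compile(r"""(?:"[^"]*"|'[^']*'|[^\s"'])+""")


def tokenize(cmdline):
    return [t.replace('"', "").replace("'", "") for t in _TOKEN.findall(cmdline)]


def parse_cmdline(cmdline):
    """Return (executable, {switch: value or True}, [positional args]).
    A repeated switch (only --annotation here) keeps its last value."""
    tokens = tokenize(cmdline)
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, has_value, value = tok[2:].partition("=")
            flags[key] = value if has_value else True
        else:
            positional.append(tok)
    return tokens[0], flags, positional


def classify(pid, ppid, cmdline):
    exe, flags, positional = parse_cmdline(cmdline)
    name = exe.rsplit("\\", 1)[-1].lower()
    if name == "chrome.exe":
        role = flags.get("type", "browser")  # no --type: the browser process itself
        if "utility-sub-type" in flags:
            role = "utility:" + flags["utility-sub-type"]
        if flags.get("disable-gpu-sandbox") is True:
            sandbox = "none (--disable-gpu-sandbox)"
        else:
            # No switch means Chrome's built-in policy for that process type;
            # only an explicit value is something the report lets us assert on.
            sandbox = flags.get("service-sandbox-type", "default")
    else:
        role, sandbox = name, "n/a"
    return {
        "pid": pid, "ppid": ppid, "exe": name, "role": role, "sandbox": sandbox,
        "flags": flags,
        "trial": flags.get("field-trial-handle"),
        "target": positional[0] if role == "browser" and positional else None,
    }


def summarize(processes=PROCESSES):
    return [classify(*p) for p in processes]


def reduced_sandbox(rows):
    """PIDs whose command line explicitly turns the service sandbox off."""
    return [r["pid"] for r in rows if r["sandbox"].startswith("none")]


def session_handles(rows):
    """Children of one browser launch share a --field-trial-handle; a second
    value would mean a second browser session hiding in the tree."""
    return {r["trial"] for r in rows if r["trial"]}


if __name__ == "__main__":
    rows = summarize()
    for r in rows:
        print(f"{r['pid']:>5} {str(r['ppid']):>5} {r['role']:<42} {r['sandbox']}")
    print("reduced sandbox:", reduced_sandbox(rows))
    print("field-trial handles:", session_handles(rows))
```

In this tree the browser process carries `--disable-background-networking` and `--disable-component-update`, which suppress Chrome's own update and background traffic during the run, and the only processes that declare a disabled sandbox are the network service, the two `chrome.mojom` utility processes and the second GPU process. A tree where those roles or their sandbox switches do not line up with the binary's `--type=` is the thing worth a second look; here they do.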

                        Network

                              MITRE ATT&CK Enterprise v15


Downloads

Files written under the Chrome profile during the run, with their hashes. A path listed more than once was rewritten during the run; each listing is a distinct version of that file.

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
    Filesize 209KB
    MD5    3e552d017d45f8fd93b94cfc86f842f2
    SHA1   dbeebe83854328e2575ff67259e3fb6704b17a47
    SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
    SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
    Filesize 24KB
    MD5    c594a826934b9505d591d0f7a7df80b7
    SHA1   c04b8637e686f71f3fc46a29a86346ba9b04ae18
    SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
    SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\383394e44e749475_0
    Filesize 19KB
    MD5    a0f46a263007a731a4a6da10e3dcbf7a
    SHA1   d67e103f2569a1d3f5a804c579feee76600a7307
    SHA256 6f69b3af1187f0dfbbdd4d1c2659e37f6582bb385446ac16a7145556464de79f
    SHA512 11081c4a76f64b5fb29ec1a10b380bb074f115afe4c9d0975c26944f8fde4ec4efc1bdcb039e5772252fc7689a5407a2b568d176eee18b96395735ac0b08dbdd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bb09a4eb073e87b3_0
    Filesize 280B
    MD5    a32484f371a1e76eb17b9eda538ed0f6
    SHA1   e6ab6c029e6e454a71da20bfd877dd4b24033245
    SHA256 47372f5a1f691021a656cdab8693df41849f24764bed3647c1182c1198f99baf
    SHA512 a5283d4a94611cf78e37d704299da12db5f12c61c7a4c494eb2d0bb05f6e8e4cf31432d6858e79ed0e4009968788e1821fd08b4dcd2cf9043ce8b08f174857ec

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    cc03e1bebe45c70e09a9eace45c9697e
    SHA1   b7a959804d817c47bc2e3504b5848df23dd8ed48
    SHA256 1fc4b5147ad89b0974bdfef99cb232c8bcbcb6598079f0f01fc527b85c4fbd3f
    SHA512 d3e213124b6f5ac489a1fedddeb6955152eea2418ea022dc7191ad6bf820ef5248374ce5d1d221535392b7123d2d4ec3fb169b475e776323ad26e4fd2537d5e4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    72398acdfa746d1f652203bab1d81521
    SHA1   e27c92322644c8f2a875094eea71eedae71c4d3e
    SHA256 d9e830f02d7b1651fd9d4d1f5db2ec2dd583f01966588cd3e2f312fc7e8e6fbb
    SHA512 a1aa45c87719d578700501f5f0305c190b4fe19ca8fcc4bdb9a134c0f3dee50911790fc9e2ea7b877c0a8e6909b2ffe5fb38216cefa43d68ff4ade50dc2a590b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    e272f5ad6338aee40d2fdf5d506f32e7
    SHA1   bdf0b68ee9c20f1076177f5780ba85f3379323d9
    SHA256 ad485c7af1eebe7d76a49ae4ee116a21bf458d20d9ace6a8737335a765aa3480
    SHA512 ed56bbb23ee3dd81cab2807a40967aee18562e330ec45202194614d487dcd196a03b39aa5bd5aba501fa10c67fa56ede1807bc392dad6beff26f37cd38649f36

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    05e170b7592c94037db1543aa4a4c6a2
    SHA1   7afd7497bd6bb3b5c68cc289e11d17bf132ae62d
    SHA256 64148a0568750d994f0b57c32a076d326a8e2cc2e2c5f30a26f627e927307af7
    SHA512 f338ea77b345c21d1d757c7e87a569171375cbe410ab69617b8c6a6316a8366b74a7b56e07d804f21614b82574b391e05c7ce47721e4fd21105ae920d262f248

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    3dc44bc64cc5eedc72a13e62d86de6b9
    SHA1   8e464dd5eded9bd129c62354ad068eea67c56696
    SHA256 bb2d569816bac3f08a2943a96e7b0c43f1325278249ea294ddce037973dcf680
    SHA512 5769dba5958fca1a19c9a1ba7f4a75ff979cc6111b6d21ae35431de4233f6299c7baec311d44f354094ef9d4e9bd8cbba6980519c7f99cdc188bc158f0cf4faf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    4bff251b16e0acfb551a696db611d0e3
    SHA1   7b6c1ac40489dd9fdb9ec9e83b5dfba624df3447
    SHA256 a37b0e4df74253b73d7272577425c3e85694f5df8653bd564598017fa83321e6
    SHA512 57e5d7a52500739d67b1106943f286e0a1f1286a4222797f9910b063434eeda2f9ddc4dd9dd349166dd9b5918a77fc944bc97b8a34beac4af4edd8acae324cc8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 168B
    MD5    8de044e2f5e07c993757eec5d755642d
    SHA1   21a771c69903a8a1a774119845521fd7e97fa466
    SHA256 959d9845a7756fbd96cf8898146e18f01085fd2487cf4d7487fefa686c9d819e
    SHA512 3e27665b5a89546280de3ea3dfe84f2a4fa7ad23340bced1d3b06f06fa4a3ea621d86a22ee64f5f234b4ab683d8eb6490fcab108d2adf45d56ff0cdee2168f3a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5    57e004d63a6d0087f8efcaff27336681
    SHA1   50c18674d5900c122479fd6548da1efc6f9b55c3
    SHA256 f322dd01474fb4ffdca55a70b431aa39d4ca96b2ff7f58a870bea00cad7fe217
    SHA512 42921376b05cb2a7c1963d1c76c7d96d48a3b412f1f5bc13e6a5d7895daffb90997d28fc0923a66232ee498aa163f67e28a67bced87c70cc5c61fb060254ae7d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5    7e61046558b11308dc9a57a954fb39e5
    SHA1   c0189839eec9eb47299de4ef2b24be94b9626f7a
    SHA256 88e6f762a803543da5a3c797e97de658100f4c2fb25850b1b150e2d9f1565982
    SHA512 340945df89baa524b9072e1ec434c5793dd640bae1e4a02a01f41082de72cd498712aa98f14ead416143931b3d9ecdf3474a2c118787eb1afb64c9c171cc39de

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5    220786bdd00a77413aea036a10fa7940
    SHA1   ed20102a34320df3a9238225ae8db0c43f934df8
    SHA256 47641bd6be161161dee76da873f0ece2f3200dbcafad325d04fb92e9d1e9a32d
    SHA512 f3e02846336c9393abc683d046021ccce9397aa289f87694e7742bb8507eaa303009b6a8efa8963a2ea877f585fe301b1763f685be72464074b087a1e0519136

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5    b9b39f7d8b7fc416007ba30cfeca77d7
    SHA1   9df2386e68662d92e9fe1ed14f41d70a98864760
    SHA256 99de903025bbb2345d80b2993257669b5a57e3a3b9bec4bbf0f704549689fdcc
    SHA512 77c9f65d6a896c3a89e3a9f33b6611b226e365839bc9de277f48e4c1f81580db431fe2dc2d0bae6fea5f024ae3ad811d56e75bc8eaef4faac746be207c87d2b6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5    242f3fbcc782a7a1ebef511e35860710
    SHA1   6df56fcac2a02412fabf22a08a07a813b9db83ae
    SHA256 aac9753bcce784d4e98e78b7d4a39e061d7c84124fe5219b764bcafcf4aabf5e
    SHA512 417bdd95bc82965d717fe6665c67efe2d0b7ebc3ccbf15e7924aef438173bb4962be7f0c280d492fb6a4a31b741201f4404770a11f9abac23a54c473d0b3b710

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a0cd7cb0-b6f7-4134-aa0d-9341c48cca32.tmp
    Filesize 369B
    MD5    4bbefbd10ad13f74bd6e424c1c283a53
    SHA1   eb40ad67bfd64d91456e9bd2b5c4f4069be8b1b4
    SHA256 38afd6a772200ebb66286084bb18b289d7541a704c0b9b34f98b7b9a1f43cd27
    SHA512 816c49497580f34a634e3ab00424a3d5f402d3d80fd706812b52e1cc75e5182d197ae1eb82ba4c85a2a31fbbcada343adfb61697a5df5e7bb6202fbfdda976c5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5    cd895aec173182830ccf2ae63bf7ba4b
    SHA1   a82cb07a25a6208ee0c5d7780551fc61c46d4319
    SHA256 4cf06c6a9becf817bcfe68eab135ec55e9650fd48aa48ff2568366f6fd3ec830
    SHA512 32ffe9399ec58039517252b8fd7fbfdea7b48e58f12139a960a52a2fdec7f992a6ffff96277c7bd591e0a057ca787cacc31a267b9a489b8d0e428bc20dcbd66d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5    24c8e7a90a7d67ae8f6f321a4621a58b
    SHA1   ae526a237864c611791c1cdefcf900b1dafecada
    SHA256 03493b4552d830ff4a5860156e8ef98a1a34dc92916f1c5beba49654a88c5f15
    SHA512 98043c746be3e8059cf590d62eba3f6ddca8a30ee2c4b9b00cee074b16cf222e1e5d977eb9268e2576f5b9b93b0357c80133f34f180cb589258cf049016c9de9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5    9e4b0392786a318856b2559d0fc2d704
    SHA1   062d2f5595a4d6de0f40f5981255cbb5601334eb
    SHA256 b98e93060b162c837e35c397b3628fd740c2e25093ebfa40877b13f9537ef37f
    SHA512 7f9911bb1c3ecf76c638e6907f80bc7435d4aaf4891ae59b0dd5eb09c306b0c9417008375c68e12211e69f999afbb13dde22882d263822d61536e4063fc88941

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5    e376a497ef86b3e66337cc4089dbcad2
    SHA1   a9e1ba5e72f99b11058f6e6a5836a5acdebba860
    SHA256 267c16491d30f123f0a32ab85e2bb5022eb01a1fdaa5b944edb4a0154e714de5
    SHA512 526b1ca7415cc1c4d228fc1b58b2d9045924d2dc8c159d69e49991c4baeeafec51297ee60f8344a780a76c114a963044978b0a5c64cae58e43b8a573631d83d5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 136KB
    MD5    4196bff4b3f073c8fa92f2adbc2b6031
    SHA1   6b3b22422d2efd6c7d39142dfcb763ca727818f8
    SHA256 71996b4008808d99fffa6c74c4de741da122e95f9adb4201e3896eacf0b52673
    SHA512 9a6dda9a201cb009e3c0b7bae2c7afa18fc66ef9a4be57379e1cae6ffcdbb686af97ac6bfd48cd65beeb0f9ac335c697bc334b3cdf1de7e7c09986187a2cb839

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize 2B
    MD5    99914b932bd37a50b983c5e7c90ae93b
    SHA1   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
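A dropped-file list like the one above is mostly Chrome profile housekeeping, and a practitioner triaging it wants three checks done mechanically: whether any hash belongs to a trivial payload (the 2-byte `persisted_first_party_sets.json` is a candidate), how many versions of each path were captured, and whether a file recovered from the VM or from a host matches the recorded digests. The script below is an added example, not part of the report or of any sandbox product. Its records are transcribed from the list above (a subset; SHA1 and SHA512 kept only for the 2-byte file), the trivial payloads it hashes at runtime are its own guesses, and `verify_file` is a hypothetical helper for use against a real file.

```python
"""Triage the dropped-file records from a sandbox report's Downloads list.
Added example; the records are transcribed from the report above, the
checks are this example's own."""
import hashlib
import re
from collections import defaultdict

PROFILE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"

# Subset of the report's records (path, reported size, digests).
REPORT = [
    {"path": PROFILE + r"\Default\Cache\Cache_Data\f_000001", "size": "209KB",
     "md5": "3e552d017d45f8fd93b94cfc86f842f2",
     "sha256": "27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6"},
    {"path": PROFILE + r"\Default\Code Cache\js\index-dir\the-real-index", "size": "168B",
     "md5": "cc03e1bebe45c70e09a9eace45c9697e",
     "sha256": "1fc4b5147ad89b0974bdfef99cb232c8bcbcb6598079f0f01fc527b85c4fbd3f"},
    {"path": PROFILE + r"\Default\Code Cache\js\index-dir\the-real-index", "size": "168B",
     "md5": "72398acdfa746d1f652203bab1d81521",
     "sha256": "d9e830f02d7b1651fd9d4d1f5db2ec2dd583f01966588cd3e2f312fc7e8e6fbb"},
    {"path": PROFILE + r"\Default\Code Cache\js\index-dir\the-real-index", "size": "168B",
     "md5": "e272f5ad6338aee40d2fdf5d506f32e7",
     "sha256": "ad485c7af1eebe7d76a49ae4ee116a21bf458d20d9ace6a8737335a765aa3480"},
    {"path": PROFILE + r"\Default\Network\Network Persistent State", "size": "1KB",
     "md5": "57e004d63a6d0087f8efcaff27336681",
     "sha256": "f322dd01474fb4ffdca55a70b431aa39d4ca96b2ff7f58a870bea00cad7fe217"},
    {"path": PROFILE + r"\Local State", "size": "136KB",
     "md5": "4196bff4b3f073c8fa92f2adbc2b6031",
     "sha256": "71996b4008808d99fffa6c74c4de741da122e95f9adb4201e3896eacf0b52673"},
    {"path": PROFILE + r"\persisted_first_party_sets.json", "size": "2B",
     "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
     "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"},
]

# Trivial payloads whose digests are worth recognising.  They are hashed at
# runtime, so no digest literal has to be trusted (this example's own list).
KNOWN_CONTENT = {"empty file": b"", "empty JSON object": b"{}", "empty JSON array": b"[]"}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def digests(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def size_bytes(text):
    """'209KB' -> 214016, '2B' -> 2; the report rounds to whole units."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def size_consistent(entry, data):
    """Allow one unit of slack because the reported size is rounded."""
    unit = _UNITS[re.sub(r"\d", "", entry["size"])]
    return abs(len(data) - size_bytes(entry["size"])) < unit


def verify_bytes(data, entry):
    """Compare every digest the record carries against the given bytes.
    A mix of True and False means the record itself is inconsistent."""
    actual = digests(data)
    return {alg: actual[alg] == entry[alg] for alg in ALGORITHMS if alg in entry}


def verify_file(path, entry):
    """Hypothetical helper: check a file recovered from the VM or a host."""
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), entry)


def identify(entry):
    """Label the record if all of its digests match a known trivial payload."""
    for label, data in KNOWN_CONTENT.items():
        checks = verify_bytes(data, entry)
        if checks and all(checks.values()):
            return label
    return None


def versions_by_path(report):
    """A path listed repeatedly was rewritten during the run; collect the
    SHA256 of each version in the order the report lists them."""
    out = defaultdict(list)
    for entry in report:
        out[entry["path"]].append(entry["sha256"])
    return dict(out)


def triage(report):
    """(path, label) for every record whose content is a known trivial payload."""
    return [(e["path"], identify(e)) for e in report if identify(e)]


if __name__ == "__main__":
    for path, versions in versions_by_path(REPORT).items():
        print(f"{len(versions)} version(s): {path}")
    for path, label in triage(REPORT):
        print(f"{label}: {path}")
```

Run stand-alone it reports that `the-real-index` was captured three times with three different contents in this subset, and that the 2-byte `persisted_first_party_sets.json` is the literal `{}`, so its four digests are the well-known digests of an empty JSON object rather than anything specific to this run. The `identify` check compares every digest the record carries, so a record with a matching MD5 but a non-matching SHA256 is reported as not identified instead of being trusted on the weakest hash.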