13097307fbee20a0921c59fa3b0b6ea6dd3dbf5b9b7565c168f090ac2f81805c

Analysis

max time kernel
14s
max time network
12s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

search.html
Size

73KB
MD5

196ac7b59e08462c4019fd0de8c12def
SHA1

611bc45461bd7c0f8e445b29cac71b69ccf2dcb8
SHA256

13097307fbee20a0921c59fa3b0b6ea6dd3dbf5b9b7565c168f090ac2f81805c
SHA512

762b76313f9a07c8368063fce2e7379c38fa21570ec49bfa2d61f52aebc0a4b0434f88f2844dc162ccf47b77a3c47480035eb1547d4a5b1dff758e28e88ad4a1
SSDEEP

1536:2DcbziQP6f4fJmgZZUhQuwY2/JQN9oEYZ930P5VAlovUrJcJn9cH9u2QHVuhbGac:w6i3fh2/JQN9oEYZ5gJ9OJGanc

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686095650300816"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 2976	4288	chrome.exe	82
PID 4288 wrote to memory of 2976	4288	chrome.exe	82
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 860	4288	chrome.exe	83
PID 4288 wrote to memory of 3632	4288	chrome.exe	84
PID 4288 wrote to memory of 3632	4288	chrome.exe	84
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85
PID 4288 wrote to memory of 2348	4288	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\search.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6c0ecc40,0x7ffb6c0ecc4c,0x7ffb6c0ecc58
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1728,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,18227321729844582850,18192329575692129850,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:2508

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
247c948e7ff6412cfdabc7759980d99c

SHA1
c9ef29dea519b08f1ef7961e43ab25eb8b78fe86

SHA256
a5983830314f0f6804c91d4af9de09f6c70abdd17cff6d577fabd46f52a98efc

SHA512
6ef0f8ec83fc71f7604bcabde9ee7ce4268f255a14d7ec4d423d1be64bb0a6dd829a5054ff741b6e54b5349c2c75d99f4afcbc7f618cd48f33cd55ec22c4b48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
650e123de7a51c93d1c3e0ff8e8a4a4c

SHA1
78702d83a907314081e95b78a52d57ba0cae140c

SHA256
5ada1e18808ca94c6712b5137315d5943326fb07de37393abae1ab3806ba74a9

SHA512
f67b0c423028c0f5cfd44a5c2e59d49f8e5c5de19382ae789a0dffc04532b752cff925d3bf842540e3320c8f09d4f5899e521dced31e08988009fcca3d7699f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
410f0c6c26b9feeedffbc52c9aad0db9

SHA1
5adefc7cbff5840b1175872c9b48f40836087807

SHA256
c40ce6b3c41fe11ff308b98d5dea6a6daab0fc526423b5c9e2e928f4b41dd983

SHA512
e5e95b33318d531a8725ac23851d212b648ad8d9ebbb5c5402774814bcad85addf9516b605ffab273c4ae2fb2863605315596a6e127078bb8ec8e3898bf242a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
6cef7c7caf5f5c6ddf4c03f560596157

SHA1
cfd2353aa602c87faa6228d54d10cf03d213fc8c

SHA256
f872c413aa4f956d862970c7799a40de570c827dd15c43b446810e1f96357473

SHA512
253d369dfef768e851b88315999b6742f8fc6c75c58b9f2dce2883be9e1b8dbd7996799cc2df75b7e0174da59773e5f9210ab14d95f4c77e1e20b32b9e8ac8f2

Download Submit