hxxps://insight[.]gwi[.]com/e3t/Ctc/T3+113/c1YzQ04/VVKT1b48psfPW1QVKT7308B4kW35KrPN5khnqKN2_Qd585nR32W7Y9pgv6lZ3nvW7dKZs_4HHmdZW4wy0cW7bdkrBW7ly-RL3CjbxWVjxDDm3BBYlbN1x6LTcdKPTTW8xvdn74kP6ynW5Ll0rz1HCrzHN7wV6FjptHj7W9kmqtZ9dLm59W4YN3p85bycf5VTqmDs6L4j91W5439Vn8KR-N2W55rVnl2gWpwsN4-hm07XbxV9VYnC9r10G799W7TDwrv1VGbW3W1pRPYZ16ZtppV-BT6G3z8qYPVkL_Cq6ZfyNSVSdFjh2YB_vzW26WBq-36hsw2VbKqjz3DF1nCW8NV2dV4Rp328W49F8WM26kTZQW4L7wz86P-tQJW41Yf0f60xWL_W3w314N5FdK5QW2M9SG11nxN6tW7Hd9g58F8jlTW3b16nT5wnv3wW90k6xG1HsT_PW3NBjPS4bdj1mW5Xyn0P1C2_Y6W848TgB3cRXGxW3bcX-Y66DrCVW6l9Pqr9b0l3lW7bkgCZ4DTYw4W3FPs553N3hFZW7pPrLg4k1PQpW5gQ_t_1plg1fW5MQzXy2jtD5fW4H95cg795mdgf8nN7KM04

Analysis

max time kernel
15s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://insight.gwi.com/e3t/Ctc/T3+113/c1YzQ04/VVKT1b48psfPW1QVKT7308B4kW35KrPN5khnqKN2_Qd585nR32W7Y9pgv6lZ3nvW7dKZs_4HHmdZW4wy0cW7bdkrBW7ly-RL3CjbxWVjxDDm3BBYlbN1x6LTcdKPTTW8xvdn74kP6ynW5Ll0rz1HCrzHN7wV6FjptHj7W9kmqtZ9dLm59W4YN3p85bycf5VTqmDs6L4j91W5439Vn8KR-N2W55rVnl2gWpwsN4-hm07XbxV9VYnC9r10G799W7TDwrv1VGbW3W1pRPYZ16ZtppV-BT6G3z8qYPVkL_Cq6ZfyNSVSdFjh2YB_vzW26WBq-36hsw2VbKqjz3DF1nCW8NV2dV4Rp328W49F8WM26kTZQW4L7wz86P-tQJW41Yf0f60xWL_W3w314N5FdK5QW2M9SG11nxN6tW7Hd9g58F8jlTW3b16nT5wnv3wW90k6xG1HsT_PW3NBjPS4bdj1mW5Xyn0P1C2_Y6W848TgB3cRXGxW3bcX-Y66DrCVW6l9Pqr9b0l3lW7bkgCZ4DTYw4W3FPs553N3hFZW7pPrLg4k1PQpW5gQ_t_1plg1fW5MQzXy2jtD5fW4H95cg795mdgf8nN7KM04

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693485139370755"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2704	chrome.exe
2704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe
Token: SeShutdownPrivilege	2704	chrome.exe
Token: SeCreatePagefilePrivilege	2704	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 4944	2704	chrome.exe	84
PID 2704 wrote to memory of 4944	2704	chrome.exe	84
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 4936	2704	chrome.exe	87
PID 2704 wrote to memory of 2572	2704	chrome.exe	88
PID 2704 wrote to memory of 2572	2704	chrome.exe	88
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89
PID 2704 wrote to memory of 3956	2704	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://insight.gwi.com/e3t/Ctc/T3+113/c1YzQ04/VVKT1b48psfPW1QVKT7308B4kW35KrPN5khnqKN2_Qd585nR32W7Y9pgv6lZ3nvW7dKZs_4HHmdZW4wy0cW7bdkrBW7ly-RL3CjbxWVjxDDm3BBYlbN1x6LTcdKPTTW8xvdn74kP6ynW5Ll0rz1HCrzHN7wV6FjptHj7W9kmqtZ9dLm59W4YN3p85bycf5VTqmDs6L4j91W5439Vn8KR-N2W55rVnl2gWpwsN4-hm07XbxV9VYnC9r10G799W7TDwrv1VGbW3W1pRPYZ16ZtppV-BT6G3z8qYPVkL_Cq6ZfyNSVSdFjh2YB_vzW26WBq-36hsw2VbKqjz3DF1nCW8NV2dV4Rp328W49F8WM26kTZQW4L7wz86P-tQJW41Yf0f60xWL_W3w314N5FdK5QW2M9SG11nxN6tW7Hd9g58F8jlTW3b16nT5wnv3wW90k6xG1HsT_PW3NBjPS4bdj1mW5Xyn0P1C2_Y6W848TgB3cRXGxW3bcX-Y66DrCVW6l9Pqr9b0l3lW7bkgCZ4DTYw4W3FPs553N3hFZW7pPrLg4k1PQpW5gQ_t_1plg1fW5MQzXy2jtD5fW4H95cg795mdgf8nN7KM04
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90235cc40,0x7ff90235cc4c,0x7ff90235cc58
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4832,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5268,i,18152247451336777748,602578973275067046,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b539e9a63bec10496da4c1b66ffc26ac

SHA1
75ea173eb1d890dd1b04f60757bbe27100df6a72

SHA256
8fb98420cfc5684a7c44fa1b2405f256035615dc7039184b0c6ce8a42f840266

SHA512
309b7f406385cdcab958f7131ac0ed3238b4f51da86b186825beb343b5e158478a9efc2eee3b3d65aa76809106ef9b4b2d82c94fcac488598cfe3a0ca73f67fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f7ac2304609153208300f7228f3bfa94

SHA1
7d3283f7d6b9763ad2624bd9a50d6b9212bcb0bf

SHA256
742cf5b724c656df80f75cebc48083b1c9b09cfee82a010a9a5442e3ae002999

SHA512
f1b4b4a83c933b895c2203b5adb182e8f872ce9b907281ec7f9d4b35adc6ed72512238461806f6c90341459aebc729f1b01ce6807f8e919d57ac12c070d545e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36c714151d08f1aeca5d909002155b1c

SHA1
5597cc1470e2345e53048aae812def6c6a716879

SHA256
da38f53ecdd1b7cf6b67c8bf647906a6be791f7dcfd68f95680a758efe8eea90

SHA512
55d1694c5ba3729e059e0303f0b95058a8c8d331569fa16d4aada7fe063ac91045614adccf73d28a828c96f4207369e0f661c141fc4ffcecd2cef8a65288f31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e777d830398a3317d0f09d154bce4ff5

SHA1
7a945e1411329b87adad6183b67cf4418e61e74a

SHA256
94d109da1e591a6b84eec1486fcedbce94e220993c4dce6664a1507c42d8a5a9

SHA512
333c3774380ec295cbed27f8158f5b5811130c6dccdb6872c00b5f64d7b6aba9db353eb650f0106a31f265c9f98c49b2204991104dede63971cb98e5bab93b93

Download Submit