Analysis
max time kernel: 26s
max time network: 20s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/09/2024, 21:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://duckduckgo.com
Resource: win10v2004-20240802-en
General
Target: https://duckduckgo.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714262160468430" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
876 | chrome.exe
876 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
876 | chrome.exe
876 | chrome.exe
Suspicious use of AdjustPrivilegeToken (52 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 876 | chrome.exe
Token: SeCreatePagefilePrivilege | 876 | chrome.exe
(the 52 IoCs alternate between these two rows)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
876 | chrome.exe
(26 identical rows)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
876 | chrome.exe
(24 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 876 wrote to memory of 1012 | 876 | chrome.exe | 82
PID 876 wrote to memory of 4704 | 876 | chrome.exe | 83
PID 876 wrote to memory of 4528 | 876 | chrome.exe | 84
PID 876 wrote to memory of 4600 | 876 | chrome.exe | 85
(distinct rows shown once; each repeats per WriteProcessMemory call, 64 IoCs in total, all from PID 876 into the four child processes above)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 876)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://duckduckgo.com
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa33dcc40,0x7ffaa33dcc4c,0x7ffaa33dcc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4704)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1672,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1664 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4528)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4600)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2772)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3096)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4852)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,14859525246570447615,3944231515384588431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 1504)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 1764)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: 794d9fce69a5ec628c4691b4a65dc002
SHA1: cd511ba499ad914858b8f05c9337d4c4af50c421
SHA256: f8bb96238ce09612cad797a3574f4003df662db63158478cbfdc5246addebe12
SHA512: 0e3874ddcebcbca14832df98d80e2066ea83b0fad21bd75f43048f7177bc6d1aa5d17fc49169cf7f3df23b8671180a7b4e6bcf922a34b54bf47e3bfd9d298563

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: 41e57e7fef0e1c6d191fe84ce9e02661
SHA1: 57e78e46f0845f2588ade916061252dd6ac075d3
SHA256: 62b327a8ed2e0531f3da69fd9b044cfa0792af9bc5b2bd8144ae09228aebdb93
SHA512: 05d53ceab11db63472eb5209dbf0ff72b5c009f3c8e4ddb1f0390245bad2faf8654f600751b438c707689747dc87edeb06574432e6f379703566493ed30693bb

Filesize: 692B
MD5: d0f76ec7a03b06690bb23f8a5b5c1cc0
SHA1: 3228f56d559930313e883cb7481011544a1b53ae
SHA256: 8a7e892fe8e1a2acfaa89cc8a37dcbb10321d544cf3815c239afe48c2d901268
SHA512: e94448719af381817a3cd0ab540c91332f09856ac5374124378b182c9b57c62dd85609f2d376e7cdca2587720eab6173548a5fca4d5500cd3e2b81d1d9a484e3

Filesize: 9KB
MD5: 37937643368879b99b91dc283d8d5cef
SHA1: 33c93ccab5044554e5a23d9db02b33afb7ed5cc3
SHA256: 18e3f0cc5bbbfb5c81fe69e9168fd7886ff0b20b1daa242b734f4794a43fdaa7
SHA512: daf467a3e462108d2e06ad53dbcd279b4a751898bc0ad8ee2a1bb96f3395647dc079160c564b4d1d7ccac4e777702bb7c4cbff03a22a3aff8798360a755daa16

Filesize: 9KB
MD5: f45e07f94ddf605d4062024ad6c5ed8a
SHA1: 3b7a6636d267cc2d45cc2ee1fa660533819d9bd9
SHA256: adcc1761176300ed31cb7e5bb5a10241f6dca1b0352ff2840177f7fbfa92db30
SHA512: 8a3e4691b31b1a647257e66d6069631fcb5d9528c15d6db1a604a2e5af0ec471b39b679ae00439c0fc45ad3bc75e184a7e70334fd6196bd5be3be0612ac5aa05

Filesize: 99KB
MD5: a065e37c206a75da183490a685526ee4
SHA1: c394728091e7aec1ba9b34253eb60a08cff110cd
SHA256: 556777d50e0aee908628f135697a6b8d14c91ad746ffc0b5d8daf06ad7305192
SHA512: 92b9ce6849b057f180cb179993f30706c457f94a5a17a7faa5a3f9babd397612fa1be6c54c48454b8a9e5f6e964a5ea25ff9d2db00adde54c044acdb523a97e7

Filesize: 99KB
MD5: 2a03b8eb8b074f2ba7900d9512d7ea18
SHA1: ddff2cd0668a13a7deb67315fcf9c2c4d797e939
SHA256: 4e6cf6ce48a02c2f768bf977e9bf4fd41a2ada2aceeb4162e3751bd8a4bbe891
SHA512: c6b3959f93ed64957ae78601e72d9392a25e28280fa4bdfd985da2928beaad1059b7974fe2584ab4677c6abda25636cc304668883d79e43849125a38add34f01

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84