fd17c1d6a3d894feecd1b8aabdd618cecf7951416dc1f041f812cdb8ea065fbd

Analysis

max time kernel
135s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/09/2024, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Etlbu7.html
Size

490B
MD5

ef80261c90b874fca13f592065adaada
SHA1

401f68b66f4f2e8f5f48516d3985e0ee22b3534a
SHA256

fd17c1d6a3d894feecd1b8aabdd618cecf7951416dc1f041f812cdb8ea065fbd
SHA512

a758fef7725a69f981124ef37d4bb6d0aa27d5a3493ca5a73d5d8849c358457bd6791556a76852465c2039f4b8ee95afe25b0a20b3a8902c51d32e6217f477c2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721697247704991"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
600	chrome.exe
600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
600	chrome.exe
600	chrome.exe
600	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe
Token: SeShutdownPrivilege	600	chrome.exe
Token: SeCreatePagefilePrivilege	600	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe
600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 600 wrote to memory of 2724	600	chrome.exe	73
PID 600 wrote to memory of 2724	600	chrome.exe	73
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 4764	600	chrome.exe	75
PID 600 wrote to memory of 3836	600	chrome.exe	76
PID 600 wrote to memory of 3836	600	chrome.exe	76
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77
PID 600 wrote to memory of 212	600	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Etlbu7.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdad889758,0x7ffdad889768,0x7ffdad889778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3836 --field-trial-handle=1824,i,16980208862115846508,14075393389552959720,131072 /prefetch:1
  2⤵
  PID:4348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
484B

MD5
dd4a1fe54c2bba702079668550753565

SHA1
6360bbfe0208bbba0e4844f23b1866c9e9d61626

SHA256
aadd2bf1bde8547542fa4915fa8979d3b93d690e4a31f8a54316ef2ff0bacec5

SHA512
a9d2e0fd39cc771c1f791895afc1a32692da2be75bc1502384c2eb3e8a2c0e1728d954aa697bfd7295e6def3b38db923cb923d36b22d0850c4fb8e9071c48416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4d2db0a56af91402bed20786d310be61

SHA1
74848b72b82134308e1f86f26b9fcbef7594cea2

SHA256
69cf1e43775f0f606665dc735b31ae450e409813afeda8622d4c5113add18b73

SHA512
7ca2578ef5689ec935e33bddfb8cd4e1f77e9401dda80a748c71304d4e45f0b486c12077122f563b2e8108d9183f674b8764639a851c437f7374d1007686cc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e70fce9ea22f3c85051764844e97c301

SHA1
f313ddf3baf27b990890ae99aa32f896f9e31e8a

SHA256
26440b63afdd374afb9fd4fa8dceb7aadc1884776ba0f64898105b30b6b5e827

SHA512
ddc6ba3d9b44e4359ef0f2bb809f37c053b66f04e3c38e291ae69feb07ca71f2f5ce707ea33e787ffa8f051c67f057b279a875a561ef58e5d1cb15369bfb6715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2843f5c43c392d279f032f7cc45e6048

SHA1
2083050622fb44d954c214ba939ff97ad19250b2

SHA256
f9e3a85f3c7754bc17fcc4a73ce78065616e97c8217da6c82cadd067c3ee64a3

SHA512
39853ac8daf970260b5b89bab94373b7768636918370b667761cc390ad491a1ecee89d2f029e8a78b8a4564ce1d61ccd3eb0fb9aeece1a66b854669cabd76f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a4d9d6ad7bca7f739f73b99284a6ec62

SHA1
4e6fa9b5a483ac117380c746df7b2fc9b4036987

SHA256
9ba836101f6ee499ca79e9ae004a263ba78485b8a427f11014df421b83446777

SHA512
1d71853cf68494ab6478d19cfba48eb3a879c1980246fc06476e4728a92d4074b2f42629690cd4fb01b8c91beeccaa9fc3a806281eed24821a06d79e257dc2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit