hxxps://assets-usa[.]mkt[.]dynamics[.]com/33d875f1-037d-ef11-ac1c-7c1e5246d323/digitalassets/standaloneforms/b267e636-1980-ef11-ac20-7c1e520083a8

Resubmissions

04-10-2024 17:34

241004-v5wf8axamn 3

04-10-2024 17:31

241004-v31cdswhpk 3

Analysis

max time kernel
31s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 17:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://assets-usa.mkt.dynamics.com/33d875f1-037d-ef11-ac1c-7c1e5246d323/digitalassets/standaloneforms/b267e636-1980-ef11-ac20-7c1e520083a8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725369054293639"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 588	4228	chrome.exe	82
PID 4228 wrote to memory of 588	4228	chrome.exe	82
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 940	4228	chrome.exe	83
PID 4228 wrote to memory of 2648	4228	chrome.exe	84
PID 4228 wrote to memory of 2648	4228	chrome.exe	84
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85
PID 4228 wrote to memory of 1572	4228	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://assets-usa.mkt.dynamics.com/33d875f1-037d-ef11-ac1c-7c1e5246d323/digitalassets/standaloneforms/b267e636-1980-ef11-ac20-7c1e520083a8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffacaddcc40,0x7ffacaddcc4c,0x7ffacaddcc58
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3112,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4924,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4932,i,2314835407852439883,14508370512410908595,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4abceec8413caa401f5a16ee28671b92

SHA1
fd0d974849e0a9c6adf1f82b677cea015584b8fe

SHA256
3c5bcf8e6f4484a6887ae9e5c2d2eb84dc547d75112884c60568556bd69f8c63

SHA512
1490ac321aca19a558edbc0a6593253283d2b866513490b3b50a92e7a5318d4dc4d25d6d3a1233cc9fa3884f411eebdd0bc4d7dc5ea99f9ff52670eeee475ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a1127d561c8c4b33a6e79c786ecc3d41

SHA1
4ea4f693571c9dc5030601247791f6e7bc28c7bb

SHA256
692fefbd96f571a77e609d6434471bbab935d9112c3bbaedef552978b6e35538

SHA512
68c3af9f008c8f87f197f435bd77f9ae78fc4b68a9e16883f22c90d4138c0e258539ab1ffda10c75d532461a70be5f041d21d8ad18f6251cb77fc4de51fc3056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
b8445097f0720c21afe11d1257ffecda

SHA1
2329a2588aa60a39e0350b9ff1ad902c1d23e676

SHA256
07ce8bed7aa465c223ce707385fd4148e9ba2d83f319c9d34770aa04c38ea587

SHA512
05654fa89150cf6d52f3b06c9438ce38c101663beddb9a8c36542e98ed38d4a14e63cdbba681b009d557e4ddc88356323a33c6fd873b260c80f346d38520403c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
766f6cc7c0925452669890b6fadf5369

SHA1
9119aa30e2a8d88026a1134323444a0f15f04034

SHA256
7c0e3464cb631de458c75f3fb840be56c43a20906911397efbfa2a234b1fdf24

SHA512
779fc38d4eefb5a92d417924b27b972186d1ea3e0e81e79a473f3b2863d4330acf70d43aee9f8d0116e34f725e84d64e23e985ebb3ec513ca4576b937e3d8849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8f79fb36c766d78428b22f4a9b1a1eb

SHA1
8605ed39170af4cb59537f71b6141ea2ccd4aba1

SHA256
aa0173d20b70fe85251a24437cb85be8bbfa1d35586eee1f746fc67e8b4fd89f

SHA512
4e7b842fcf8498f88747ebef7b4be98ed83b0d3e6d7e5ca13b45e92a7db6a4b3bc825989c05976bade165c2ce4f0730b4b65171bc8717a7d079275315d4c4ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
71155d7c3c80a6388afb373216345448

SHA1
74b9f465ad4601854ccb262906226f3a7d9a7b7c

SHA256
c99887ca5a1b3b12d483e041b5bc7e611e4dcdf1186f99377c5f21a6ac855e27

SHA512
9529bf056eb5d3ed977c59f3bfe1360f3f6d456c5f4da8987ab5513e1c910d1e3833f537937d0f7c4e1e6825559807aee9c09729078ba891e56b8a7e4403e6a2

Download Submit