Analysis
max time kernel: 149s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-10-2024 21:00
Static task: static1
Behavioral task: behavioral1
  Sample: 6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69.html
  Resource: win10v2004-20240802-en
General
Target: 6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69.html
Size: 10KB
MD5: 720999b43a3be0674180354ac41f20b1
SHA1: 152a75d80c0bdadb382e1cafe517159cb76a19cc
SHA256: 6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69
SHA512: dabe86f15dc4273eb536f62e9c2b847c4bbb2da9f0b87f00d0718d9e29ffdc719153504f60f46ed5fc54231e346b83ecb9d0e8aad40cf0256abe9e4cd6a695e6
SSDEEP: 96:wAL6evwSMhQKrFih8Wdp3667KeQAm+czjJX9059OnBun3nXJgJF2Oiloet2nnSzN:wq6ywSGQKJUnpJKeOJaTE2OiLAI1R
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725492522241436"  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process     rows
  2488  chrome.exe  2
  1472  chrome.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     rows
  2488  chrome.exe  2

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process     rows
  Token: SeShutdownPrivilege        2488  chrome.exe  32
  Token: SeCreatePagefilePrivilege  2488  chrome.exe  32

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process     rows
  2488  chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  2488  chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  rows
  PID 2488 wrote to memory of 3024  2488  chrome.exe  83             2
  PID 2488 wrote to memory of 4612  2488  chrome.exe  84             30
  PID 2488 wrote to memory of 4020  2488  chrome.exe  85             2
  PID 2488 wrote to memory of 3428  2488  chrome.exe  86             30
Processes
PID 2488  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 3024  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83fddcc40,0x7ff83fddcc4c,0x7ff83fddcc58

  PID 4612  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2

  PID 4020  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3

  PID 3428  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2548 /prefetch:8

  PID 1460  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1

  PID 2524  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1

  PID 1732  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:8

  PID 1472  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4504,i,2110608493153323513,3715980375588816620,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 1236  C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

PID 2644  C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
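Every WriteProcessMemory row above has the browser process (PID 2488) as the writer and one of its own crashpad, GPU, network or storage children as the target, which is how Chrome hands initial client data and handles to a freshly spawned child rather than injection into a foreign process. The script below is an added triage example, not part of the sandbox report: it parses the flattened IoC rows, looks each target up in the process list, and separates Chrome-child targets from anything else. The process list is copied from the report with command lines shortened to the switches the check needs, and the per-target row counts (2, 30, 2, 30) are taken from the table; the "expected" rule (same image as the writer and a `--type=` switch) is the author's own heuristic, and the extra row written into PID 2644 in the usage note is constructed to show the rule firing.

```python
import re

# Rows reconstructed from the report's "Suspicious use of WriteProcessMemory"
# table (64 rows on the page, regenerated here from the per-target counts).
WPM_TABLE = (
    "PID 2488 wrote to memory of 3024 2488 chrome.exe 83 " * 2
    + "PID 2488 wrote to memory of 4612 2488 chrome.exe 84 " * 30
    + "PID 2488 wrote to memory of 4020 2488 chrome.exe 85 " * 2
    + "PID 2488 wrote to memory of 3428 2488 chrome.exe 86 " * 30
)

CHROME = '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'

# Process list from the report; command lines are abbreviated to the switches
# the triage needs, pids and images are as shown on the page.
PROCESSES = [
    {"pid": 2488, "image": "chrome.exe", "cmdline": f"{CHROME} --disable-background-networking --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\6faef4d5d777fdcaa653766b0ac8b9ed32d0fd87f7dcd79f02ff524dd1b0eb69.html"},
    {"pid": 3024, "image": "chrome.exe", "cmdline": f"{CHROME} --type=crashpad-handler --url=https://clients2.google.com/cr/report"},
    {"pid": 4612, "image": "chrome.exe", "cmdline": f"{CHROME} --type=gpu-process --mojo-platform-channel-handle=1816 /prefetch:2"},
    {"pid": 4020, "image": "chrome.exe", "cmdline": f"{CHROME} --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"},
    {"pid": 3428, "image": "chrome.exe", "cmdline": f"{CHROME} --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"},
    {"pid": 1460, "image": "chrome.exe", "cmdline": f"{CHROME} --type=renderer --renderer-client-id=6"},
    {"pid": 2524, "image": "chrome.exe", "cmdline": f"{CHROME} --type=renderer --renderer-client-id=5"},
    {"pid": 1732, "image": "chrome.exe", "cmdline": f"{CHROME} --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"},
    {"pid": 1472, "image": "chrome.exe", "cmdline": f"{CHROME} --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"},
    {"pid": 1236, "image": "elevation_service.exe", "cmdline": '"C:\\Program Files\\Google\\Chrome\\Application\\123.0.6312.123\\elevation_service.exe"'},
    {"pid": 2644, "image": "svchost.exe", "cmdline": "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"},
]

# One flattened row: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")


def parse_wpm_rows(table):
    """Return (writer_pid, target_pid, writer_image) for each row of the flattened table."""
    return [(int(w), int(t), img) for w, t, img in ROW.findall(table)]


def chrome_role(cmdline):
    """Chrome process type from its command line: 'browser' when no --type switch is present."""
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}/{sub.group(1)}" if sub else m.group(1)


def triage_wpm(table, processes):
    """Split WriteProcessMemory targets into Chrome's own children and everything else.

    Heuristic (author's assumption): a target is expected bootstrap traffic only if
    it runs the same image as the writer and its command line carries --type=, i.e.
    it is a Chrome child. Any other target, including a pid that is absent from the
    process list, is returned under 'foreign' for manual review.
    """
    by_pid = {p["pid"]: p for p in processes}
    targets, foreign = {}, []
    for writer, target, writer_image in parse_wpm_rows(table):
        proc = by_pid.get(target)
        role = None
        if proc and proc["image"].lower() == writer_image.lower():
            role = chrome_role(proc["cmdline"])
            if role == "browser":  # a second browser process is not a child we expect
                role = None
        entry = targets.setdefault(target, {
            "writer": writer, "writes": 0,
            "image": proc["image"] if proc else None, "role": role,
        })
        entry["writes"] += 1
        if role is None and target not in foreign:
            foreign.append(target)
    return {"targets": targets, "foreign": foreign}


if __name__ == "__main__":
    result = triage_wpm(WPM_TABLE, PROCESSES)
    for pid, info in sorted(result["targets"].items()):
        print(f"{info['writer']} -> {pid:<5} {info['writes']:>3} writes  {info['image']}  {info['role']}")
    print("targets outside Chrome's own child set:", result["foreign"] or "none")
```

Run against the report's rows every target resolves to a `--type=` child of the same chrome.exe image and `foreign` is empty; append a constructed row such as `PID 2488 wrote to memory of 2644 2488 chrome.exe 99` and PID 2644 (svchost.exe, NgcSvc) comes back under `foreign`, which is the case that would actually merit attention. Note that the report caps each signature at 64 rows, so the renderer and ProcessorMetrics children not appearing as targets says nothing about them.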
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 649B
  MD5     86f6b509abd6a8fff182b0c30639ccb1
  SHA1    b753e8c1ab3e2a948657d7dcd854117f74d77b0b
  SHA256  3c9794c7ceada6070b13c8d43f777fdb371556944035397df59b2c566f415627
  SHA512  213471d1e8957b58fe500457b1efe32550f5cdd8943b149655a026e3363d72f535d6e5182db000f3ec1fa78972ac32821b6dab29c624b2c21c60442d43614188

Filesize 961B
  MD5     5e237a7f3569c6967186ff5d5614d3d8
  SHA1    575c060c190fd8bd08998048ea21fc10b9e33325
  SHA256  0259b43499e2bd4286be2022f0943fa3b488a0da82f1a4bc72e060aa86176e0f
  SHA512  a3290586b6212b5e1da0acbf7b9bac1ec6329915ad379a0377323b8dc4fa6ee7da84497888b88a4fccd1b79b7f2837a637b6c318adc127dc02238fb41ec596f9

Filesize 2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 9KB
  MD5     ea01a493bb4e05c04564c541fd4e52b9
  SHA1    960bac8fb0a86aaf906253473aa172fa1c4524bb
  SHA256  b2ba067c509785fa94a4c9ace741f0b1bc8326a0c5de4075b60fa82e8b4deea7
  SHA512  ec9b74c0480d3648c9502e87699f1c6d3cf46f61ccc7b4f6c604b8ded95fe1373d32ca617078c719d04a4efe2e8f5653d20d0d6950c3a084a0c567169b7c5806

Filesize 9KB
  MD5     8f5c34dfee499077bfb65739c072843e
  SHA1    48a6007396b827fdf9a23f2f9022905138e33ce7
  SHA256  853bdc2544f809ff2788ca2d3aea316611375de0b3aa60cae259442044988b68
  SHA512  6a600733f51b24c030fbdd6ea8538c8ddf07cd891c33e47bd766be7f431bc0591344a65147335860232e80e84f7f27112b2867dd297b3494dd2e7e49c6eabc8e

Filesize 9KB
  MD5     db328392e1a2424a7ab738d31c552085
  SHA1    a7a0085f18749e6ebba4bf85e0fff71820d5d39d
  SHA256  9c1d92fd967c2157f3a179b01c36adde91d5b55c5e2ea77a37ac6072284b735a
  SHA512  3bde851b51d498a3908086ede3f530b8bc7b75b8150a8c1a9f90a36b4526a0bec186ca75b45d6d28392a2cc6d8e81f55c350bf85bf3314b3f2ceeb28d2c6d7df

Filesize 9KB
  MD5     13a01dce42b9adc4b9b3b2dd16491389
  SHA1    e1c3a9a9a9e5d6d2a5a7f4ee97d586140689a2a0
  SHA256  d116c3119d4f4f3a73157ac5fc6940f22d0c806db8d3ea1cec88eb96bf5d561c
  SHA512  e264a1ad35fdf8ed00236617daa493cf0ae8fd4e5cfce035d27ca0284cc097ceda4d83e3976f8706dea4d56151ff724c5c6b22ff8bb43b4a33021b2dff0d870d

Filesize 9KB
  MD5     f34a829f30bff2e665b766ccf1c1cf8b
  SHA1    0b41288208dc192714999bbe62429955ee8162e8
  SHA256  5ea6f234589062ae3d91418061238c2cd5494d2105ca18527d23536722698071
  SHA512  e1cc9dd13816da5108fd9753a3b9381a207ab2adcf9813e76e9e8a4d519ea375033d487d8f933385435f49837576dfde20666acf169b3f02032f2d57138ce436

Filesize 99KB
  MD5     ab9ea707887669619572e8d13be8a607
  SHA1    5399f424c9cf64b88a00f9fae3326a4a33ace895
  SHA256  83890dde0ecf67e904088eda62d29007b0e8307d1579f47e41100f2cf4336fe9
  SHA512  7effbe552faa58a557b8c71a823527ce6b67c7cbe07aef51e6393414f6eadcb32c6a04ef966af68e39df436841a7aed320f204887eb919db4808c816033b4a9f

Filesize 99KB
  MD5     d32aea1abdabc210e72666347dce11b5
  SHA1    02cda17ffd0336d53371e72dffaeb6602748a6fe
  SHA256  14c8240e45195a7c44280aa0d1387229d182121432e7956edf2115d33cf2bfbf
  SHA512  68c6aa821142fac401308fa747b248a9cf310770a51ae75b2668a7300f4f9683a0432c4e866189457d13a202a7197414345e7c3971be6a6f41afa71f77cf383c
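The report gives sizes and four digests per dropped file but no names or contents. For very small artifacts the digests alone can settle what the file is: the 2-byte entry above hashes to the two ASCII characters `[]`, an empty JSON array, so it carries no sample-derived content. The script below is an added example, not part of the report or of the sandbox's tooling: it recomputes all four digests for a handful of constructed candidate contents and returns the one that reproduces every reported value and the reported size. The candidate set (empty array, empty object, CRLF, empty file) is the author's assumption about what tiny browser-profile files usually contain; the hashes are copied from the 2B entry.

```python
import hashlib

# Copied from the 2B entry in the report's Downloads section.
REPORTED_2B = {
    "size": 2,
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Constructed candidates (author's assumption, not from the page): the contents
# a tiny browser-profile artifact usually has.
CANDIDATES = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "CRLF": b"\r\n",
    "empty file": b"",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """The four digests the report lists, computed over arbitrary bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGOS}


def matches(reported, data):
    """True when the size and every digest present in `reported` agree with `data`.

    All supplied digests must match: a single-algorithm match on its own is not
    accepted, so an entry that only carries an MD5 still has to agree on size.
    """
    if "size" in reported and reported["size"] != len(data):
        return False
    got = digests(data)
    return all(got[alg] == reported[alg].lower() for alg in ALGOS if alg in reported)


def identify(reported, candidates=CANDIDATES):
    """Name of the first candidate content that reproduces the reported hashes, else None."""
    for name, data in candidates.items():
        if matches(reported, data):
            return name
    return None


if __name__ == "__main__":
    print("2B artifact is:", identify(REPORTED_2B))
    for name, data in CANDIDATES.items():
        print(f"{name:18} size={len(data)} sha256={digests(data)['sha256']}")
```

The same `matches()` check is what you would run after re-downloading an artifact from the sandbox, to confirm the bytes on disk are the ones the report hashed before spending analysis time on them. The 649B, 961B, 9KB and 99KB entries cannot be identified this way without their contents; the example returns `None` for them rather than guessing.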