243a66cfacc531f877e2b160fe55b5daaf4bf98aa6d512a889bd4810902abba9

Analysis

max time kernel
23s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1
Size

2KB
MD5

c8c3462abc91bb745d980d44cab1e624
SHA1

b9f445f93fd95fcb103856f22744b8707f96a2ea
SHA256

243a66cfacc531f877e2b160fe55b5daaf4bf98aa6d512a889bd4810902abba9
SHA512

305f4723ca95674b6bd1d24c132637f64df714468bd99fe9deb2bd142da33e06e98898d17c7586701abcd2892649b05e6052b89c100f3202b613f529609c270a

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729835558225676"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2828	1948	chrome.exe	90
PID 1948 wrote to memory of 2828	1948	chrome.exe	90
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 3660	1948	chrome.exe	91
PID 1948 wrote to memory of 988	1948	chrome.exe	92
PID 1948 wrote to memory of 988	1948	chrome.exe	92
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93
PID 1948 wrote to memory of 4496	1948	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1
1⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe661fcc40,0x7ffe661fcc4c,0x7ffe661fcc58
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,4296466797595209810,15496427088700953091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:3752

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
16b50e3e564532bffcd8b27f4ba2a938

SHA1
5f44680122f883f8fdd2696ea8f601e969c01291

SHA256
203f2fd4490fc9ec2bd327b8ab5636fdcab1ecfba59d1a5caf9380396a99f410

SHA512
4ef8bbab3dd719d906376562250261f81ae2012f6a133ab45d63ab2449f3d264a04a84600a176a5c9da7b9a5705f79fde0dbe0ee49a0075d1a1775a5b0b4daa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f03996de4c102c7595b5aba50827b705

SHA1
e6fe59da80e18ae4f3ea3f405645d13a0c85fabc

SHA256
85318ec62435d0213b94c00239f2dc82427f34ad3e5124cfcc786b3f2a478ff6

SHA512
c88bb6c2fb09d7bd760f4626e54762947077998eb2e9b416e950a42aaf3c444084edd3774a637fe0594f661c6695ea87eab181b012bd4daca22fc4ed7d17b42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dde0a9d9-fe79-4b99-9786-18be5c787eb9.tmp

Filesize
15KB

MD5
6cc968547d6a9d56f0ea23c7752cba32

SHA1
c741ee450686a1ea02c4ed9ee086608cb5c58ac9

SHA256
f7bf7dea51c60f4d6d1bab353dea122ce5b14f508089bae69652b0a724551f47

SHA512
c85d44a6cf155964723053aef926a64ea692b30c70c9334f8db3f488942f3c28f82d80586ff284cf939fa7009ef740ecd7d4ff5368ee9e1ae0ef6b1e10a7dd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
0c4d68ec72bd1318f746f4a4696f79bf

SHA1
27b27ded5df1fe820c8cde20125586c043ea89ee

SHA256
0fbeb6daa465498c5ebc96b0323ca491e9a268fdbd874bbf33578fe29a5752de

SHA512
da1a5d088598ea1d8c5a24a890702d7c58b8d58977ecef60a20fb6b064ffef6d30a7b7a9be91b9f15984120b8d5024fc8f7a412ed17ccfb83e1d433f8e16e117

Download Submit