Analysis Overview
Threat Level: Likely benign
The file http://google.com was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 15:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 15:45
Reported
2024-11-05 15:45
Platform
win10ltsc2021-20241023-en
Max time kernel
33s
Max time network
34s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752951174141962" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1361837696-2276465416-1936241636-1000\{2BEC406A-FD90-4E10-A6DA-7F9440D460BC} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffb572cc40,0x7fffb572cc4c,0x7fffb572cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3396 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4908,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4520 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5044,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5328,i,16930785297652107583,18192039076251284900,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5376 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.200.14:80 | google.com | tcp |
| GB | 142.250.200.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 216.58.213.1:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| SG | 74.125.24.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| SG | 74.125.24.94:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 94.24.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | shared.fastly.steamstatic.com | tcp |
| GB | 2.23.205.133:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 52.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.205.23.2.in-addr.arpa | udp |
| GB | 2.23.205.133:443 | store.steampowered.com | tcp |
| GB | 2.23.205.133:443 | store.steampowered.com | tcp |
| GB | 2.23.205.133:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.82.234.109:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.229.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 104.19.229.21:443 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| NL | 20.31.169.57:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | tcp |
Files
\??\pipe\crashpad_3340_WSSSIMGXGKXPTNLI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f906eb3c196fc6101406d9d4aab9d516 |
| SHA1 | 190da3ae5fccd3d2eff38bb39a7376b5bce6fa82 |
| SHA256 | da00d802751af5da451e68658aba879b86819c24bca208def76037322bd7317d |
| SHA512 | 58c3e9f8086a3d536a7cfeab05eb15019a6f39ceddf2c170d2bbb34741ef8d6fd55687d41618e6ac18fa91230f2320cf0162c61041265a2b9e094bfbad6efb0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6d4e128e7eb28741749e90194cfb04bb |
| SHA1 | 0ed1b16f6dc4476e2f6955d75c864d0c996b1726 |
| SHA256 | f59470776d440cb3ee9781adbe4a42689965396062e2d6e1acf985a62874d73c |
| SHA512 | 06eeb3ec936de05ad9598f9d12eadb5cd424bdfc9c8fc3c743f6dad9c5f801c8368e359b6402d556659c988f8a393d2b412abe2eec5285460ee76abcd82b1d6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e722062f2aa760fdcbc7330436c7dee |
| SHA1 | 8048a2bac11ce3bc9ad4402bfa135904b46abec7 |
| SHA256 | da1586238f5b7a28ad9bb0ba3510f6858189106fe53799eff3f198fecc3ef41c |
| SHA512 | e8f6dd47644a01f4684e86491431214cf54b00141289603752468fca05203fc1aa839d38a2e08309aa68001a2250a784f635be72395d9dec7cc48af6dce1bf6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 439be398e18533b1a375b3f63c6a498e |
| SHA1 | 2a813cc09f6ad3db3413b607eb4842bde88c8f68 |
| SHA256 | d28e4d2ea2027a4a0bd2bc802dca2bf0c9389d573bae71db662c9a9161841d05 |
| SHA512 | 95ddbdfd623a7490b383d410e636e4c4450c898fa192f2af748c2979846154e96d7731bf18d4d22a9fdd1ddbf35adec5f2018dc4d344d26d616a89ab9d39b9f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43e95a3c36e341e3da0b39e990836a61 |
| SHA1 | 58d043ec08e9c1f2033940e6fb20eb1850076dfb |
| SHA256 | cd00454d72b01ba1b1319506e9944a7ac07359082b44b8494cd955c9fbc8afe0 |
| SHA512 | f23d9571a6456d29ef444f34db40b48a92df0e37069f5c3d0c6f5a54c34bdfdbe5696c8a3c18023515c0312d85ffd05311df7ae67f9154dac6597ee2da55a16f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 92aab511b7003e842d0f8cb6c7db4bb1 |
| SHA1 | f79ffba1b24d41adc601d176cb17d281742a39c3 |
| SHA256 | 23843b61152ae4ddec7fa8afcc68fb15f0b289ed3c6d6f2acde34c5d8e931d31 |
| SHA512 | 88fe02c0729f3192aff65ba83e4b3c4375e075ca6b8e2b1ca582e520d789fc033a1a191daf585fa59522542c0d552095d39ee43cb4e68ae042ec81793e1969d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 918b92033864194218d0fb0f6ddcf26a |
| SHA1 | 9e9e3a0790826dfe3f4834aabf3a6d1569674ea1 |
| SHA256 | cdcf4a79c48ffce9e795ea582420bab6f4b8b02e8abacbbf2b92a66ee4a1805a |
| SHA512 | 0ee5696fa7111ee3460f39f6d56927d51d01bf3a150a1096af976bced14cae0cd968dfd69a9cbc030fbae0a2ef20206a5a5acf5a8a9323f3244ebb1f36822059 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4624b6248377da45e90226a39c0256ad |
| SHA1 | 0d083c3e940708d388e462cc0cf8f5303ed210bf |
| SHA256 | 37bfe696dc82271673ef0eb6e6191f13ce0f73d24aeee83835814e0d870660c4 |
| SHA512 | 5285d6813f24b598ccccb8037cdce7935b605ce65c5407a08923220e34d9394c526199e2195e454f3bc8181a71c5ea0905c54e13a936035effe7be211bed6b2c |