Analysis Overview
Threat Level: Known bad
The URL https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly85Rm1FLmFyaWRzb2Rpc3RhLmNvbS9xeDlwTy8=/%23 was classified as Known bad. It is a Bing click-tracking redirector (/ck/a): the u= parameter carries the base64-encoded first hop (https://lexinvariant.com/) and the fragment carries a second base64-encoded URL on 9fme.aridsodista.com; both hosts appear in the Network section below, followed by a long randomised subdomain of ticurson.com and finally wayfair.com.
Malicious Activity Summary
All of the signatures below were raised by chrome.exe and its helper processes while rendering the page, and the Files section lists only Chrome profile data; the indicators of interest are the URL itself and the hosts contacted in the Network section.
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 10:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 10:06
Reported
2024-11-08 10:07
Platform
win10v2004-20241007-en
Max time kernel
25s
Max time network
27s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755340141679248" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly85Rm1FLmFyaWRzb2Rpc3RhLmNvbS9xeDlwTy8=/%23
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb555cc40,0x7ffcb555cc4c,0x7ffcb555cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3104,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4632,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3300,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4364 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4920,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5112,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4ac
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4524,i,1273194359837509165,14422141461477781694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 92.123.128.195:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | lexinvariant.com | udp |
| US | 172.67.190.244:443 | lexinvariant.com | tcp |
| US | 8.8.8.8:53 | 9fme.aridsodista.com | udp |
| US | 104.21.69.233:443 | 9fme.aridsodista.com | tcp |
| US | 104.21.69.233:443 | 9fme.aridsodista.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.190.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | blogger.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 104.21.69.233:443 | 9fme.aridsodista.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cx55sicxwljoeheeudmaukvgidvxcu3fphx3n71ulgzy4dmtobwupsbfvjxg.ticurson.com | udp |
| US | 104.21.32.205:443 | cx55sicxwljoeheeudmaukvgidvxcu3fphx3n71ulgzy4dmtobwupsbfvjxg.ticurson.com | tcp |
| US | 8.8.8.8:53 | www.wayfair.com | udp |
| US | 172.64.145.38:443 | www.wayfair.com | tcp |
| US | 172.64.145.38:443 | www.wayfair.com | tcp |
| US | 8.8.8.8:53 | assets.wfcdn.com | udp |
| US | 8.8.8.8:53 | client.perimeterx.net | udp |
| US | 8.8.8.8:53 | prx.wayfair.com | udp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | tcp |
| US | 151.101.1.252:443 | prx.wayfair.com | tcp |
| GB | 23.223.126.117:443 | client.perimeterx.net | tcp |
| US | 104.18.39.111:443 | assets.wfcdn.com | udp |
| US | 104.18.39.111:443 | assets.wfcdn.com | udp |
| US | 151.101.1.252:443 | prx.wayfair.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 205.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.126.223.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stk.px-cloud.net | udp |
| US | 34.107.199.61:443 | stk.px-cloud.net | tcp |
| US | 172.64.145.38:443 | www.wayfair.com | udp |
| US | 8.8.8.8:53 | s.pxltgr.com | udp |
| IE | 63.35.177.96:443 | s.pxltgr.com | tcp |
| US | 8.8.8.8:53 | s.wayfair.com | udp |
| US | 8.8.8.8:53 | t.wayfair.com | udp |
| US | 8.8.8.8:53 | edge.fullstory.com | udp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 8.8.8.8:53 | secure.img1-fg.wfcdn.com | udp |
| US | 35.201.112.186:443 | edge.fullstory.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | tcp |
| US | 104.18.37.185:443 | t.wayfair.com | tcp |
| US | 172.64.149.140:443 | s.wayfair.com | udp |
| IE | 63.35.177.96:443 | s.pxltgr.com | tcp |
| US | 35.201.112.186:443 | edge.fullstory.com | udp |
| US | 104.18.37.185:443 | t.wayfair.com | udp |
| US | 8.8.8.8:53 | cadmus2.script.ac | udp |
| US | 104.18.22.145:443 | cadmus2.script.ac | tcp |
| US | 8.8.8.8:53 | 61.199.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.177.35.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nym1-ib.adnxs.com | udp |
| US | 68.67.160.186:443 | nym1-ib.adnxs.com | tcp |
| US | 68.67.160.186:443 | nym1-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 140.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.112.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rs.fullstory.com | udp |
| US | 35.186.194.58:443 | rs.fullstory.com | tcp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.160.67.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.194.186.35.in-addr.arpa | udp |
| US | 35.186.194.58:443 | rs.fullstory.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | crcdn01.adnxs-simple.com | udp |
| US | 151.101.1.108:443 | crcdn01.adnxs-simple.com | tcp |
| US | 151.101.129.108:443 | crcdn01.adnxs-simple.com | tcp |
| US | 151.101.1.108:443 | crcdn01.adnxs-simple.com | tcp |
| US | 151.101.1.108:443 | crcdn01.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.149:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.129.101.151.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
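Most of the udp rows above are reverse (in-addr.arpa) lookups that the sandbox host issued for addresses the browser had just connected to, so they restate the forward connections rather than add new contacts. The script below is an added example (not part of the sandbox report) that parses rows in the table format used above, reconstructs the order in which hosts were first reached over TCP/443, maps each reverse lookup back to the forward name it belongs to, and flags hostnames whose leftmost label is unusually long (the 30-character threshold is an assumed heuristic). The embedded rows are a subset copied from this report's Network table so the script runs offline.

```python
import re
from collections import OrderedDict

# Subset of rows copied verbatim from the Network table of this report.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 92.123.128.195:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | lexinvariant.com | udp |
| US | 172.67.190.244:443 | lexinvariant.com | tcp |
| US | 8.8.8.8:53 | 9fme.aridsodista.com | udp |
| US | 104.21.69.233:443 | 9fme.aridsodista.com | tcp |
| US | 8.8.8.8:53 | 244.190.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | cx55sicxwljoeheeudmaukvgidvxcu3fphx3n71ulgzy4dmtobwupsbfvjxg.ticurson.com | udp |
| US | 104.21.32.205:443 | cx55sicxwljoeheeudmaukvgidvxcu3fphx3n71ulgzy4dmtobwupsbfvjxg.ticurson.com | tcp |
| US | 8.8.8.8:53 | www.wayfair.com | udp |
| US | 172.64.145.38:443 | www.wayfair.com | tcp |
"""

# | Country | Destination ip:port | Domain | Proto |
ROW_RE = re.compile(
    r"^\|\s*(\S+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(text):
    """Parse table rows into dicts; lines that do not match the row layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            country, ip, port, name, proto = m.groups()
            rows.append({"country": country, "ip": ip, "port": int(port),
                         "name": name, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'244.190.67.172.in-addr.arpa' -> '172.67.190.244'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def contact_order(rows):
    """(hostname, ip) pairs in order of first TCP/443 connection: the chain as followed."""
    seen = OrderedDict()
    for r in rows:
        if r["proto"] == "tcp" and r["port"] == 443 and r["name"] not in seen:
            seen[r["name"]] = r["ip"]
    return list(seen.items())


def explain_ptr_lookups(rows):
    """Map each reverse lookup's IP to the forward name already connected to over TCP.
    A value of None means the PTR query targets an address with no connection in the log."""
    ip_to_name = {}
    for r in rows:
        if r["proto"] == "tcp":
            ip_to_name.setdefault(r["ip"], r["name"])
    explained = {}
    for r in rows:
        ip = ptr_to_ip(r["name"])
        if ip is not None:
            explained[ip] = ip_to_name.get(ip)
    return explained


def flag_long_labels(rows, min_len=30):
    """Hostnames whose leftmost label is at least min_len characters (assumed heuristic
    for generated subdomains such as the ticurson.com host in this report)."""
    names = {r["name"] for r in rows if len(r["name"].split(".")[0]) >= min_len}
    return sorted(names)


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    for host, ip in contact_order(rows):
        print(f"{ip:>16}  {host}")
    print(explain_ptr_lookups(rows))
    print(flag_long_labels(rows))
```

On the excerpt, the first-contact order is www.bing.com, lexinvariant.com, 9fme.aridsodista.com, code.jquery.com, the ticurson.com subdomain and www.wayfair.com; every reverse lookup except 20.72.205.209 (an address the browser never connected to in this log, so likely the sandbox host's own environment) resolves back to one of those forward connections.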
Files
\??\pipe\crashpad_1164_AVXGJBGWXIPSIKTD (Crashpad named pipe, zero-length: the hashes below are those of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (contents are the two-byte JSON array "[]", which the hashes below correspond to)
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 74002258a7ae8a0feaa46c1ce0da7a1c |
| SHA1 | 5962c478678965334d376837ce60a16380181a75 |
| SHA256 | d85627a5031a240d7bd3a478ceae049030918033442c7e631200a5a3474c0ee6 |
| SHA512 | da182dce681980f1fd36c1b3cefbe71e7e96c363319e22781d0b4546e3b97893e0d01987b4bfe2f2f005f5277644c988b6ed12b0d326213972e85b364f92df80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | be0344d0d0065f971b2d5e238566a573 |
| SHA1 | 25ffd6bb6376b7b06f3c33a351bddf95b6342e96 |
| SHA256 | 2003a118eedb177f5d836a484cb6de0e7ec9263c878c3e817b1dd0e58f56b221 |
| SHA512 | cd008ebe311356ee2e2e2a1c0a3a666c3de9c1a80df773a54be581d4af42d74a0b6e948751d885686abbc1e5a2ccd22021251b4ad3b577fe62532791da6b6337 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61457e13b7d3178c31f5c508032e3884 |
| SHA1 | 4432bec2d03a9b9dafb9e225df120f88d7e85cc1 |
| SHA256 | 78992137a01749d0563727a613cd8c3ee5c3d688142021a309690d5f04c7e988 |
| SHA512 | 83216bd6345be6c7b745f38dad3e2876f50ab74a00c668bd016d679fba8f0d73f8b95e63ea8bd95b9af04dc89c95194aa0f290b0d4f1141aee526b13d7a24056 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 58f6839ecab3de605cd994642964e467 |
| SHA1 | 8007902ed41e3275e73418edd864bbed3212e413 |
| SHA256 | 9b7fca0707b53a8df0f4fac9be6be0ee77b8bf1a20a2955817a2706611cc6e9e |
| SHA512 | fb03c1f5fc828b0bcdf436d5d0127cc0c4f7f22d68229552cae5edf56ddc76e936451930d8848ef04ff2ebf4233cf51b16aff73353615bbf44420ca125a7715c |