Analysis

  • max time kernel
    21s
  • max time network
    26s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09/11/2024, 21:43

General

  • Target
    sample.html
  • Size
    5KB
  • MD5
    20a1fd30d115ae6935546704761b6e53
  • SHA1
    4371bf1b72d755ffdaa65531a820ccdd7ceaaf0a
  • SHA256
    2dfa25da9ed9b2358ac8458ffab1bdcfb16f8e26579716bb123f3a7e89688401
  • SHA512
    d3017fd29692629310bb5594ae6aa340718aece292dd6ce7ef8116092e7031e05dbf330de03662f259d52b88faccd5ae3f6e3b099c6bd821a288ec09738aafc7
  • SSDEEP
    96:liKFQ4rpA7ALiQpYQF4C5h3W0zKK3uDSQ:xQTALiQyQyG3W8KEuDSQ

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6d1cc40,0x7ffaa6d1cc4c,0x7ffaa6d1cc58
      2⤵
      PID:3740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2024 /prefetch:2
      2⤵
      PID:2176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1548,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
      2⤵
      PID:4784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
      2⤵
      PID:2452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
      2⤵
      PID:3652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
      2⤵
      PID:4528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8
      2⤵
      PID:4724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4568,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
      2⤵
      PID:4688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4336,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:1
      2⤵
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
      2⤵
      PID:1352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
      2⤵
      PID:4740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:8
      2⤵
      PID:3128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5052,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1
      2⤵
      PID:4884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4412,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:8
      2⤵
      PID:1860
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3584
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2700
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 14576608a845e73b72f29143f01fa6be
    SHA1: 9b6f2daf5dc2a7b6847c90f5b2c1a023b8752f21
    SHA256: 79cecc9dda3d9f672dfe4e469a12b9aa41b8e75c2de242e9d0697e2e068f8c38
    SHA512: 9df9f21e65815a5ca389c9b0b4c94dc7b1f0a4e8f286a42507a068824e943892630009396732b6871d11b494b284edff7c7f518fd533e51b178d2493caeb923f
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 120B
    MD5: bf2f4e6cd557a3878d2906797822c6fe
    SHA1: 8a0549788562433c8de77d365ac4891d4b125e6a
    SHA256: e1ef8ee4b433b38b14a8e27b6485974408b2387416a285ed684e6cfeb8ef6723
    SHA512: 8f8a2c892ad4b06df53c44ca87215150ecb5b071743f11a1b053e980dbf12e4bbc984bc7367de8404d38079dbaaa00b19706086be4f86f4b53ff1c62f5aa0ed7
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: da57f9695d2f9d291f432020be9ff66f
    SHA1: 8d468ab327fb6ed6242b7f887a5b9f82e78a495a
    SHA256: b691836763277c1770320668bda00cdd37ca5218dfbdfaf76a2cb2103f968ca1
    SHA512: 81a03659ab98bef748d0334d89dbed2f298e1823ec273bb5a281e824bfbcf6e575645cb7a548060e60271d791cc751d0971d7a15a9f473f70b88e845ac1f9213
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 523B
    MD5: 9e670fa77eac65780e396768b4ffdd8b
    SHA1: e377996d29404db57df0c90ab2597024ef026a6c
    SHA256: 618d38c4a60648adb0c88c2c5bfe14bb96e8d9285d6120b886bc5d61e2a44952
    SHA512: 3c4cceb40215f1cc353061a51fad32dcb3205e0534203d2a949a65267b2e63f88e4a5e75eba57576f3c329c681d3380e4277782ae43a36f2e69a71bd22be5bf0
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 54b0bff3d6862da8ca65f397a109ffad
    SHA1: 58d611ca182494d2559f2274de7ceb2e71fc797a
    SHA256: 45868fd8907e78b727ca3d068ace78cdedabd620b6ee7d994462365cd8b178c5
    SHA512: 81b170a2b83900c5070b60c959025060ca24a5a93de5d89a1b18989c466d9a91d34a56ab9e42d0ff84588c9c95fed0aa2875a59ee115321b6582090217c25227
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 8c4a231dddd09c08b42272cc7a18596b
    SHA1: 9c7b4523a60d02e9707eeffb02177ac262a72455
    SHA256: e14f74efa6a5785debc6e87e75082940bc35b4fca35ffb08f8a7734eafa54621
    SHA512: 8d25e835f097ba6c8abd044feb2d0b5720cddc5c9ccd849d4bf0d54fdc0eec6fc954736e2eac769af70c5982503b5087c9e4b5c9b4ff27ec6034abff34a2a9be
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: c25797f25ef2149febc2f4cdcd9a62c3
    SHA1: 9f771b59a2d92751cef09e1d531f884d0955dea0
    SHA256: 21f548573ac41a1e9f71f07bf433712bffa35ca31e13cc471db04548e3241fb1
    SHA512: 471ac463ed4fcdc0a3d96eae38d71dae2f64f8ff7cdbf719a4facad6e65f12b440a4cc5e6ced4113be5ed1838bae8c4bca7bb214667d57026c24793e9120e8b0
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 97090ce6bdb6aa88be85380916ee0572
    SHA1: ebe5417dfe308c793f4e7b63e1fbf18860d739c6
    SHA256: 0c445b3a20d956bfe7d785ffab61ef8d31d04adf41a986b6fcecaff4e12959ad
    SHA512: 05ddaa349e7fcc6f8a0525a1ce1d67daee3f22c95b9a53b1d9c7e6be4a640d62bb6910ade1220c0f4845a49297f35322916042befed6cb50ee9a91c88239d1b4
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 840d76a95489c81d0ab11e71ffc85d2e
    SHA1: cab5bc03664464f3d513a7dd575582f68f86f361
    SHA256: 2882c428c5a358ff025c286d8fee26c9ca444555bd29b40773d4ec59f97d6782
    SHA512: d7d3e127bf34d48b99cff88cfb20c8f360748a65926647d794d3f387c41cc66b342442a5a9080a7afbefcc32bd76b7fc34d48828cf57844d6e9b2a98c336419c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 41724fef5364abd7dcb4f0fd7987fc08
    SHA1: aeff105b3b6f99893b6b6f279a34fb2e121b57a8
    SHA256: 3ce158e105ddf56079c6d7e2981cc087e01c993c5ef0e6ecbf3b47eed5cc9af0
    SHA512: 2ca35ca1006dc6b88a9308edf2df29f88b9112f25eeb2583b779fe908124f5e19204b002f158f3913112f610d16ede11a889845c91b9e650677e3c9ae9fee1be
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
    Filesize: 264KB
    MD5: f50f89a0a91564d0b8a211f8921aa7de
    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58