Analysis Overview
SHA256
2dfa25da9ed9b2358ac8458ffab1bdcfb16f8e26579716bb123f3a7e89688401
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 21:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 21:43
Reported
2024-11-09 21:44
Platform
win11-20241007-en
Max time kernel
21s
Max time network
26s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756622201918872" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6d1cc40,0x7ffaa6d1cc4c,0x7ffaa6d1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1548,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4568,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4336,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5052,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4412,i,4007494816471737367,1820894712812112244,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8
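The process list above is one browser host (the first chrome.exe, which receives the sample via `--single-argument`) plus Chrome's own `--type=` helper processes, its elevation service and two Windows system processes. The Python below is an added triage example, not part of the report or any sandbox's code: it reads (image, command line) pairs abridged from the list, recovers the detonated file from the host's `--single-argument` switch (Chrome treats everything after that switch as one unquoted argument, which is why the path carries no quotes), and flags any process that is neither Chrome, its elevation service nor a System32 binary. The directory-based classification rules and the shortened command lines are this example's own assumptions.

```python
"""Triage the process list of a browser-detonation sandbox run.

Added example, not part of the sandbox report.  Classifies each process and
reports the detonated file, the Chrome helper kinds seen, and anything that
the browser itself does not account for.
"""
import re

# Classification rules are assumptions of this example (case-insensitive).
CHROME_DIR = r"c:\program files\google\chrome\application"
SYSTEM32 = r"c:\windows\system32"

# Abridged from the report's process list: long flag strings were shortened,
# the switches that matter for classification were kept.
PROCESSES = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html'''),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --url=https://clients2.google.com/cr/report'''),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --mojo-platform-channel-handle=2024 /prefetch:2'''),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3'''),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --renderer-client-id=6 /prefetch:1'''),
    (r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe",
     r'''"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"'''),
    (r"C:\Windows\system32\svchost.exe",
     r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
    (r"C:\Windows\system32\AUDIODG.EXE",
     r"C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8"),
]


def tokenize(cmdline):
    """Split a Windows command line roughly like CommandLineToArgvW: tokens are
    whitespace-separated, a token starting with a double quote runs to the
    closing quote, single quotes mean nothing.  (Quotes inside a token are
    not handled; none of the lines above need that.)"""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def switch(args, name):
    """Value of --name=value, or None when the switch is absent."""
    prefix = f"--{name}="
    for arg in args:
        if arg.startswith(prefix):
            return arg[len(prefix):]
    return None


def detonated_file(args):
    """Chrome's --single-argument takes the whole remainder of the command
    line as one unquoted argument, so everything after it is rejoined."""
    if "--single-argument" not in args:
        return None
    i = args.index("--single-argument")
    return " ".join(args[i + 1:])


def classify(image, cmdline):
    args = tokenize(cmdline)
    low = image.lower()
    if low.startswith(CHROME_DIR + "\\"):
        if low.endswith("\\chrome.exe"):
            kind = switch(args, "type")            # helpers carry --type=...
            return "browser-host" if kind is None else f"chrome-helper:{kind}"
        if low.endswith("\\elevation_service.exe"):
            return "chrome-elevation-service"
    if low.startswith(SYSTEM32 + "\\"):
        return "windows-system"
    return "unexpected"                            # e.g. a dropped payload


def triage(processes):
    """What was detonated, which Chrome helper kinds ran, what needs a look."""
    report = {"sample": None, "helpers": set(), "unexpected": []}
    for image, cmdline in processes:
        category = classify(image, cmdline)
        if category == "browser-host":
            report["sample"] = detonated_file(tokenize(cmdline))
        elif category.startswith("chrome-helper:"):
            report["helpers"].add(category.split(":", 1)[1])
        elif category == "unexpected":
            report["unexpected"].append((image, cmdline))
    return report


if __name__ == "__main__":
    result = triage(PROCESSES)
    print("detonated file :", result["sample"])
    print("chrome helpers :", sorted(result["helpers"]))
    print("needs a look   :", result["unexpected"] or "nothing")
```

For this run the triage returns the sample path, the helper kinds crashpad-handler, gpu-process, utility and renderer, and an empty "needs a look" list; a payload launched from the user's profile or %TEMP% would land in that list because it matches none of the known directories.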
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.78:80 | www.google-analytics.com | tcp |
| GB | 172.217.169.78:80 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | nobrain.dk | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | udp |
| US | 104.21.235.20:80 | nobrain.dk | tcp |
| US | 104.21.235.20:80 | nobrain.dk | tcp |
| US | 104.21.235.20:80 | nobrain.dk | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 104.21.235.20:443 | nobrain.dk | tcp |
| US | 104.21.235.20:443 | nobrain.dk | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 104.21.235.20:443 | nobrain.dk | udp |
| US | 8.8.8.8:53 | 20.235.21.104.in-addr.arpa | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
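Most rows of the Network table are resolver queries to 8.8.8.8, mDNS chatter, reverse lookups, Google endpoints and a Cloudflare Network Error Logging collector. The Python below is an added example, not part of the report or of any sandbox's tooling: it parses rows copied from the table, groups them per domain with the DNS lookup that preceded each contact, and leaves only the domain that neither the browser nor the analysis environment explains. The category rules (which suffixes count as Google, analytics or error reporting, and 8.8.8.8 as the sandbox resolver) are this example's own assumptions; the mDNS row is deliberately kept in its broken extracted form to show the parser repairing a missing domain cell.

```python
"""Separate what the HTML sample reached from browser and sandbox noise.

Added example, not part of the sandbox report.  Parses rows copied from the
Network table above and groups them by domain so the sample's own contacts
stand out from resolver, mDNS, Google and error-reporting traffic.
"""

# Rows copied from the Network table (exact duplicates dropped).  The mDNS
# row is kept as extracted: its domain cell is missing, so the protocol has
# slid into the domain column and the last column is empty.
NETWORK_TABLE = """
| GB | 172.217.169.78:80 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | nobrain.dk | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.42:443 | ogads-pa.googleapis.com | udp |
| US | 104.21.235.20:80 | nobrain.dk | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 104.21.235.20:443 | nobrain.dk | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 104.21.235.20:443 | nobrain.dk | udp |
| US | 8.8.8.8:53 | 20.235.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
"""

RESOLVER = ("8.8.8.8", 53)      # the sandbox's DNS resolver (assumption)
MDNS = ("224.0.0.251", 5353)    # multicast DNS, local discovery chatter
PROTOS = {"tcp", "udp"}

# Assumed noise sources: Google-operated endpoints the browser and Google-
# hosted content talk to, Google Analytics beacons, and the collector that
# Cloudflare-fronted sites name in their Network Error Logging policy.
GOOGLE_SUFFIXES = (".google.com", ".googleapis.com")
ANALYTICS_SUFFIXES = (".google-analytics.com",)
REPORTING_HOSTS = {"a.nel.cloudflare.com"}


def parse_rows(text):
    """Yield (ip, port, domain, proto) per row, domain None when empty.
    A row whose domain cell is missing (a protocol in the third column and
    an empty fourth) is repaired rather than dropped."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or ":" not in cells[1]:
            continue                              # header or malformed row
        _country, dst, domain, proto = cells
        if domain in PROTOS and proto == "":
            domain, proto = "", domain
        ip, port = dst.rsplit(":", 1)
        yield ip, int(port), domain or None, proto


def domain_category(domain):
    if domain is None:
        return "unresolved"
    if domain.endswith(".in-addr.arpa"):
        return "reverse-lookup"
    if domain in REPORTING_HOSTS:
        return "error-reporting"
    if domain.endswith(ANALYTICS_SUFFIXES):
        return "analytics"
    if domain.endswith(GOOGLE_SUFFIXES):
        return "google"
    return "other"


def summarize(text):
    """Map each domain (or ip:port when unresolved) to its category, whether
    a DNS lookup for it was seen, and the endpoints actually contacted."""
    summary = {}
    for ip, port, domain, proto in parse_rows(text):
        key = domain or f"{ip}:{port}"
        entry = summary.setdefault(
            key, {"category": domain_category(domain), "queried": False, "endpoints": set()})
        if (ip, port) == RESOLVER:
            entry["queried"] = True               # a lookup of the domain, not traffic to it
        elif (ip, port) == MDNS:
            entry["category"] = "mdns"
        else:
            entry["endpoints"].add((ip, port, proto))
    return summary


def sample_contacts(text):
    """Domains that were actually contacted and that neither the browser nor
    the sandbox explains: the sample's own reach."""
    return sorted(key for key, entry in summarize(text).items()
                  if entry["category"] == "other" and entry["endpoints"])


if __name__ == "__main__":
    for key, entry in summarize(NETWORK_TABLE).items():
        print(f"{entry['category']:>15}  {key:<36} queried={entry['queried']!s:<5} {sorted(entry['endpoints'])}")
    print("sample-attributable:", sample_contacts(NETWORK_TABLE))
```

Run on these rows, the only sample-attributable domain is nobrain.dk: resolved through 8.8.8.8 first, then reached at 104.21.235.20 (an address in a Cloudflare range) on tcp/80, tcp/443 and udp/443, the last consistent with a QUIC attempt after the TLS connection. The later a.nel.cloudflare.com contact and the reverse lookups of the addresses just contacted are classed as noise, which is consistent with them being side effects of that visit rather than independent contacts.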
Files
\??\pipe\crashpad_2032_YCNHUAYNEVNMWHCV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 14576608a845e73b72f29143f01fa6be |
| SHA1 | 9b6f2daf5dc2a7b6847c90f5b2c1a023b8752f21 |
| SHA256 | 79cecc9dda3d9f672dfe4e469a12b9aa41b8e75c2de242e9d0697e2e068f8c38 |
| SHA512 | 9df9f21e65815a5ca389c9b0b4c94dc7b1f0a4e8f286a42507a068824e943892630009396732b6871d11b494b284edff7c7f518fd533e51b178d2493caeb923f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 97090ce6bdb6aa88be85380916ee0572 |
| SHA1 | ebe5417dfe308c793f4e7b63e1fbf18860d739c6 |
| SHA256 | 0c445b3a20d956bfe7d785ffab61ef8d31d04adf41a986b6fcecaff4e12959ad |
| SHA512 | 05ddaa349e7fcc6f8a0525a1ce1d67daee3f22c95b9a53b1d9c7e6be4a640d62bb6910ade1220c0f4845a49297f35322916042befed6cb50ee9a91c88239d1b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c25797f25ef2149febc2f4cdcd9a62c3 |
| SHA1 | 9f771b59a2d92751cef09e1d531f884d0955dea0 |
| SHA256 | 21f548573ac41a1e9f71f07bf433712bffa35ca31e13cc471db04548e3241fb1 |
| SHA512 | 471ac463ed4fcdc0a3d96eae38d71dae2f64f8ff7cdbf719a4facad6e65f12b440a4cc5e6ced4113be5ed1838bae8c4bca7bb214667d57026c24793e9120e8b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8c4a231dddd09c08b42272cc7a18596b |
| SHA1 | 9c7b4523a60d02e9707eeffb02177ac262a72455 |
| SHA256 | e14f74efa6a5785debc6e87e75082940bc35b4fca35ffb08f8a7734eafa54621 |
| SHA512 | 8d25e835f097ba6c8abd044feb2d0b5720cddc5c9ccd849d4bf0d54fdc0eec6fc954736e2eac769af70c5982503b5087c9e4b5c9b4ff27ec6034abff34a2a9be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 41724fef5364abd7dcb4f0fd7987fc08 |
| SHA1 | aeff105b3b6f99893b6b6f279a34fb2e121b57a8 |
| SHA256 | 3ce158e105ddf56079c6d7e2981cc087e01c993c5ef0e6ecbf3b47eed5cc9af0 |
| SHA512 | 2ca35ca1006dc6b88a9308edf2df29f88b9112f25eeb2583b779fe908124f5e19204b002f158f3913112f610d16ede11a889845c91b9e650677e3c9ae9fee1be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bf2f4e6cd557a3878d2906797822c6fe |
| SHA1 | 8a0549788562433c8de77d365ac4891d4b125e6a |
| SHA256 | e1ef8ee4b433b38b14a8e27b6485974408b2387416a285ed684e6cfeb8ef6723 |
| SHA512 | 8f8a2c892ad4b06df53c44ca87215150ecb5b071743f11a1b053e980dbf12e4bbc984bc7367de8404d38079dbaaa00b19706086be4f86f4b53ff1c62f5aa0ed7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e670fa77eac65780e396768b4ffdd8b |
| SHA1 | e377996d29404db57df0c90ab2597024ef026a6c |
| SHA256 | 618d38c4a60648adb0c88c2c5bfe14bb96e8d9285d6120b886bc5d61e2a44952 |
| SHA512 | 3c4cceb40215f1cc353061a51fad32dcb3205e0534203d2a949a65267b2e63f88e4a5e75eba57576f3c329c681d3380e4277782ae43a36f2e69a71bd22be5bf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | da57f9695d2f9d291f432020be9ff66f |
| SHA1 | 8d468ab327fb6ed6242b7f887a5b9f82e78a495a |
| SHA256 | b691836763277c1770320668bda00cdd37ca5218dfbdfaf76a2cb2103f968ca1 |
| SHA512 | 81a03659ab98bef748d0334d89dbed2f298e1823ec273bb5a281e824bfbcf6e575645cb7a548060e60271d791cc751d0971d7a15a9f473f70b88e845ac1f9213 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 840d76a95489c81d0ab11e71ffc85d2e |
| SHA1 | cab5bc03664464f3d513a7dd575582f68f86f361 |
| SHA256 | 2882c428c5a358ff025c286d8fee26c9ca444555bd29b40773d4ec59f97d6782 |
| SHA512 | d7d3e127bf34d48b99cff88cfb20c8f360748a65926647d794d3f387c41cc66b342442a5a9080a7afbefcc32bd76b7fc34d48828cf57844d6e9b2a98c336419c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 54b0bff3d6862da8ca65f397a109ffad |
| SHA1 | 58d611ca182494d2559f2274de7ceb2e71fc797a |
| SHA256 | 45868fd8907e78b727ca3d068ace78cdedabd620b6ee7d994462365cd8b178c5 |
| SHA512 | 81b170a2b83900c5070b60c959025060ca24a5a93de5d89a1b18989c466d9a91d34a56ab9e42d0ff84588c9c95fed0aa2875a59ee115321b6582090217c25227 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |