Analysis
  max time kernel: 30s
  max time network: 35s
  platform: windows10-2004_x64
  resource: win10v2004-20241007-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/11/2024, 15:46
Static task: static1
Behavioral task: behavioral1
  Sample: +Pyt0bWTwFTFjOGZk.html
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: +Pyt0bWTwFTFjOGZk.html
  Resource: win10v2004-20241007-en
General
  Target: +Pyt0bWTwFTFjOGZk.html
  Size: 11KB
  MD5: 536208130a179eb1dcf9c010e5d6acb8
  SHA1: 212c98db5e636d84100dc95717698d082cca4a21
  SHA256: 36eeb9511ec4db437af330bd99828e4ab4441ace56eff9f544dbc68034199901
  SHA512: da719500ba6df4981629d6e19834ca6d2987df14eccf3871b33e4e3fd260b9f6892c53f013022b15e5dc43f7a2b79ad4cff57d28f586c9ca01ac39a825463983
  SSDEEP: 192:HouBqI6FBqIMSQ3i6FSqugxu6Rnigni6U3qV0OKPGvBqIo8z1SHJ:HhAI6FAIMSQTtVHPOqVbeEAIo8wJ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765048521498868"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1680  chrome.exe
  1680  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  1680  chrome.exe
  1680  chrome.exe
  1680  chrome.exe

Suspicious use of AdjustPrivilegeToken (58 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        1680  chrome.exe
  Token: SeCreatePagefilePrivilege  1680  chrome.exe
  (58 entries alternating between the two rows above; identical rows collapsed)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  1680  chrome.exe
  (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1680  chrome.exe
  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1680 wrote to memory of 1668  1680  chrome.exe  83
  PID 1680 wrote to memory of 1016  1680  chrome.exe  84
  PID 1680 wrote to memory of 4584  1680  chrome.exe  85
  PID 1680 wrote to memory of 3188  1680  chrome.exe  86
  (64 entries; identical rows collapsed)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\+Pyt0bWTwFTFjOGZk.html
  PID: 1680
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4855cc40,0x7ffe4855cc4c,0x7ffe4855cc58
      PID: 1668

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
      PID: 1016

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3
      PID: 4584

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1220,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2256 /prefetch:8
      PID: 3188

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
      PID: 4512

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
      PID: 2720

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4660,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:1
      PID: 3744

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,2968099531266133589,13701445629702233037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
      PID: 4852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 3956

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 3244
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
  MD5: 8010b6ae8c681bc757270f031c63511e
  SHA1: dcc6b7e3ba26ae229621043ce7b9b0de32b653c5
  SHA256: 9dc250cc891347892287fb4b6050053c9c4d72f1b89b5c4007e1511bbec05d50
  SHA512: ac28e93c8636891bc789c1f551594f92969fd67cba3c0b330e43306f055542189a9a02c1fad5b948ef2774387b079b9adc03ee30b02b542fbae6afbc5e59b345

Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 523B
  MD5: 149c799a3900e2e402fcef3101e8deb1
  SHA1: 296439131c0ee037f245226428e44e5807fc3dab
  SHA256: 47a726f237c6dc6bdb656680e6c77fbc753f91af04e3bd4402a707945bbddfed
  SHA512: 850f27f00b4abb91880cf4a00a802c810cb5620f909250038813b5983a36282433c5c20156fff67f88ee920b3f84b2a3eb7e08e09bad0c3f188caf873913e63a

Filesize: 9KB
  MD5: c3a86186c4c4745c50499a691a5d71c6
  SHA1: c4d3655babee3c3dbbc837b6e9216f0d2080cd7b
  SHA256: 6dccc662cb903b32e49c786fb4c73f2eff80ce15d4c0db3fe70d63ad36ebf801
  SHA512: 2fbe2f441362df4198bcfb34bf6eb3748f3675b834339777eae1b022ac7f739e4407e5b11e6397ebc3f674b8a6c17c4ecd1642dfd3a48b802743ca7a969ec974

Filesize: 9KB
  MD5: fc150f4dbbbe77f3dfc72dc734145ac6
  SHA1: 5d673683fe3215ec3b2af29ed466723dcdb82aaf
  SHA256: 0d9e4606281cab53dece25f03d850e72d123eff649c101fd3f2485e7fc67cfb8
  SHA512: bd22d5a8b5a3d28c28dd132b29281b9f829405fcdf61bbb5ec1e2fcd5508ddc7ddd15a94c14b7b6315d11deb2d04e0157446b78d88f11dec4971b8f589452ec9

Filesize: 116KB
  MD5: a4e7203a29417825f8dbaa4371458b35
  SHA1: 7f0cf5f51e3759cc4017487b0fd7c2e0ee833add
  SHA256: 3e7187ce90db7ce681082520081cef8bd9df2a9d7978e7eee93e95fc767196ac
  SHA512: 558201092da57655c44cb5e8eb91aa99205a9731e56b8fe229459bda08576d621ca4fa9c019bb40bc9b20efb5d9572a8caeda87fc372b0119bcf71da799b72cc