b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Resubmissions

10-12-2024 16:52

241210-vdj9wazrby 4

Analysis

max time kernel
57s
max time network
47s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-fr
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-frlocale:fr-fros:windows10-ltsc 2021-x64systemwindows
submitted
10-12-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

open.gif
Size

43B
MD5

325472601571f31e1bf00674c368d335
SHA1

2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512

717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783231682976535"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe
Token: SeShutdownPrivilege	2912	chrome.exe
Token: SeCreatePagefilePrivilege	2912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2504	2912	chrome.exe	82
PID 2912 wrote to memory of 2504	2912	chrome.exe	82
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 4584	2912	chrome.exe	83
PID 2912 wrote to memory of 3452	2912	chrome.exe	84
PID 2912 wrote to memory of 3452	2912	chrome.exe	84
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85
PID 2912 wrote to memory of 852	2912	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\open.gif
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc0a61cc40,0x7ffc0a61cc4c,0x7ffc0a61cc58
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,6583387942747618051,14387296394837008572,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:1676

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e32039bbfb3d07851aee02b1c5d2ec13

SHA1
ee95f1ff7581b48193c128426672de6c8c3dfeb3

SHA256
4f97c0cc61dc3a65d98090d706ba16163af1394b6c2833e81874e3045b23fc73

SHA512
d9fb14d2c7269c4218a9f47da096e46eaf976e823e821f41e3297f6521d19d00d30c9a04330edec411fa65a0e5fb0576d0d5988502784944d73c28ce63d6dd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ab87827087ac5695ebb42353330afcc

SHA1
de0f2d2403a595b43bcf48b2aed4812dcdec2128

SHA256
f2df804231c85e9f1cedbb49d26b8ceb930ce8a282a125b5334e13232ad26dd3

SHA512
7f261e26f2f91525587edc43859169c0042a0b485e372c392c386569e5f2b60f63a1c59e82083f4308d7a77e61fd095880017c635e4f38a75f083f580480d506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
411ae3e19f1a304425294b975ff799d3

SHA1
e30032c89107ff5c73b5a1c41e280ca04c05e39d

SHA256
89e64f7b0fbe7f2e07acf75fee02488f1aedfceb68f2d69ab3f82e350a300503

SHA512
5ed6ac895bd7ae34c13b31b4272914ab2a040eefc586adf958b1db374e55020bd6a2a252f353474b8773afaa3b6eae48f9f768cacf26a738bcd51f9f6550150f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bba142ebaaf37c11958b0c02d067ee0

SHA1
eb6b210d641a270dceb290c9b9fda5c5b29be381

SHA256
e017cbab5ee30351895bf67e19cacb4c2bf098318dc3527561a4182972e1f349

SHA512
224f61f71dbba2b6f02c553baeff9714ee3f6960c720410ceabf2fb38496c5a75f0862f06fbf7d9ec7394e39b3fbf13e10b0bcf64702e48afd9fef7b61a1d0ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
295e6d9b4414acdb2b0193be448df197

SHA1
dd9ae738da30f4d30cc2af466b067ef18186e49f

SHA256
6a87e4b0a8cdafafd4df16c400d84fd0164daa27f26c8d4a9b08e39d4c199548

SHA512
0a0097836a721f7dc3b9e8d2239497f3864b888a9fd84010951c3cb1aa7fb85bfaecc521339cc8ad175617680718d6e48ea848a75e3fcff663a5a6c257ad94ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
24f8e66edc0af327175c810a301de5fd

SHA1
0df2035c0c35e38b31ceafc7b0f0b3e1dfddb404

SHA256
34cbc10335ab1e9a59df50af02f446d67c2e67551d33db5bc78a15c2e5a21df6

SHA512
61f35f53fc14da9f81e9b3395b28a5b3fe88f2a0b0aff0bd9e37440e7c825b69c1e861c2807f60f0cab0f4e2e3b032c7d9d77ee85cdbb30da103476a15308190

Download Submit