Analysis Overview
SHA256
ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94
Threat Level: Likely benign
The file . (submitted with an empty base name and detonated as C:\Users\Admin\AppData\Local\Temp\.html, see Processes below) was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-22 22:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-22 22:57
Reported
2024-12-22 23:13
Platform
win11-20241007-en
Max time kernel
299s
Max time network
244s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793824819658276" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
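The TraceTimeLast value written above is a raw Windows FILETIME (100-nanosecond ticks since 1601-01-01 00:00 UTC), and S-1-5-19 is the well-known SID for NT AUTHORITY\LOCAL SERVICE. A practitioner reading this row would decode the tick count and confirm it falls inside the detonation window (submitted 22:57, reported 23:13) rather than being a stale or forged timestamp. The following is an added example, not part of the sandbox report: the indicator string and window boundaries are copied from this page, while the function names and the `check_trace_time` wrapper are assumptions made for the illustration.

```python
import datetime as dt
import re

# Windows FILETIME: 100 ns ticks since 1601-01-01 00:00:00 UTC.
# Ticks between 1601-01-01 and the Unix epoch: 11644473600 s * 10^7.
_EPOCH_DELTA_TICKS = 116_444_736_000_000_000

# Indicator and window values copied from the report above.
REPORT_INDICATOR = (
    r'\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry'
    r'\TraceTimeLast = "133793824819658276"'
)
SUBMITTED = dt.datetime(2024, 12, 22, 22, 57, tzinfo=dt.timezone.utc)
REPORTED = dt.datetime(2024, 12, 22, 23, 13, tzinfo=dt.timezone.utc)

_SET_VALUE_RE = re.compile(r'^(?P<key>.+?) = "(?P<value>-?\d+)"$')


def parse_set_value(indicator: str):
    """Split a 'Set value (int)' indicator into (registry path, integer value)."""
    m = _SET_VALUE_RE.match(indicator.strip())
    if not m:
        raise ValueError(f"not a set-value indicator: {indicator!r}")
    return m.group("key"), int(m.group("value"))


def filetime_to_datetime(ticks: int) -> dt.datetime:
    """Convert a raw FILETIME integer to an aware UTC datetime (microsecond precision)."""
    if ticks < 0:
        raise ValueError("FILETIME must be non-negative")
    seconds, rem = divmod(ticks - _EPOCH_DELTA_TICKS, 10_000_000)
    micros = rem // 10  # datetime cannot hold the 100 ns digit; it is dropped
    return dt.datetime.fromtimestamp(seconds, tz=dt.timezone.utc) + dt.timedelta(microseconds=micros)


def within_window(when: dt.datetime, start: dt.datetime, end: dt.datetime) -> bool:
    """True if the decoded timestamp lies inside [start, end]."""
    return start <= when <= end


def check_trace_time(indicator: str = REPORT_INDICATOR,
                     start: dt.datetime = SUBMITTED,
                     end: dt.datetime = REPORTED) -> dict:
    """Decode the registry write and report whether it matches the detonation window."""
    key, raw = parse_set_value(indicator)
    when = filetime_to_datetime(raw)
    return {"key": key, "raw": raw, "timestamp": when,
            "in_window": within_window(when, start, end)}


if __name__ == "__main__":
    result = check_trace_time()
    print(result["key"])
    print(result["timestamp"].isoformat(), "in window:", result["in_window"])
```

The decoded value lands a few minutes before the report was finalised, which is what a live write during the run should look like; a value far outside the window would point at a clock-manipulated VM or a copied registry hive rather than activity from this detonation.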
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 6 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2 |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 12 |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff70b7cc40,0x7fff70b7cc4c,0x7fff70b7cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4392,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4720,i,4938614584544373549,11105809334018441298,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3724 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
\??\pipe\crashpad_2764_MJXHTNANDBIYSPTX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d1c262e2-cdf8-4de3-bdd6-69c6e036cd4f.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 226e3ce1607f52cd240311b309c33d36 |
| SHA1 | dc47e9130bdd2ed72247be1eb10df1eae29aeaf2 |
| SHA256 | 478d9c7c7b587f85f028fb84dd29262f1d72b6c21656a1b176aa335c3c1a7e5d |
| SHA512 | fb34321864679d1e9562bc1870154c90857214612c75f470137368e0b2c0fb80c8760274e8816a39a61533973819f4888829365cc213c359c518dc878084fb7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5445679550a22674367064eaea4d781b |
| SHA1 | e0beda9d7eeb57395892b5fdb26eb6cc047e1307 |
| SHA256 | 0c0c2b7ee1fb36d7e0db90cec6e19dc877ad55825fb8e2073ef21e8ba24caccc |
| SHA512 | fbeaa17702d5dae49a655ca889c5ae5a8221f20a859e9da488966b5cf8f5be9b469ac0b98f87e311b46eaca99d59cd72103982ee4f3e420568eedd13551f12c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | adfe28f95d466d1368b03112a061f226 |
| SHA1 | 21e12ef506860d39079b35132b9933d6458c2fb0 |
| SHA256 | 9e7d91f2d1e99fb4f25b7ffb5b9074714fec51bc18f142faea3327b6c59e0864 |
| SHA512 | 5c39c8941ebdefac96581e6540251e9b2d49aedf3003258a59328501d9a8eda54ad13cd9d93817107da6fb2c752c701f463b235d8a7308aebd91cc9564455fb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8074cdf2cc4375922d9daacf0b66d4cf |
| SHA1 | fd53adeca9e6374c8622bba145638684017a47a7 |
| SHA256 | 50d39a50ba0055399b6957d4de398a620e62d28265b77b7b5393b2be664d2765 |
| SHA512 | 466c44fba9e227016b357ec83ad4f2956d6d5c315e42110e3b61c2c4667070ddd967e8d63e1c82b38364c4cc1d623dc5f198ce09ab1d38a16530dc097c7a3b83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 827ed2f17a8848eba1324d8e6e014a8d |
| SHA1 | 155ec1beb85970a1e478baf0af78de8d9d19ab8a |
| SHA256 | ac31ab883b614d3e2e8a1f8e6d8b96574485f2d3c0f15c0d2ffe6009335937e2 |
| SHA512 | 3dbda126974b4c2afb14d639cf162cbf6e5f212afd080eaa390034615f57bbba3cda654ff78d05fa7fdc132bdfac31ae03a7fdb4b4e01d19b6805d513f982174 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2284475d734773843dc87c9c46c56749 |
| SHA1 | a814aa7c09bcd8191efcb96b65b46e40922b2158 |
| SHA256 | 14c8006c5949d409d1d5ac199b47cb2cf9e21eb72e97ce8d2e09236c1b1af8d6 |
| SHA512 | 515614fcbc6bcc571846570eb812348dde70fe3da83d6c828f78c17eb1faa1152892d01ed3f2175436a803ed90bd25f225bbcf9fcaf80811ff33a199e49ce462 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a981ad6dbd15fb0969450aad4ba4edf |
| SHA1 | fa7985ee8d6759e3998bfaca748f41fc357f8b7e |
| SHA256 | 2f6af8d78961ecd371bc43ef0c12c16febbaecc597523b92d59ee2be4c1baa19 |
| SHA512 | f5132f8b1a6f610a688f9953c9f30fbebe43446a968c215aeff1b142df1f22e71beffd3262faa558213157d2fa34202bd4a1d44bb3d51eb2c2d13d28679cf538 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 21501148cf392c201f08208bc2ff3089 |
| SHA1 | 2601bc664a4dd167ec425949058b5628ef3adb3b |
| SHA256 | fe38d1f07fb8e5ee4d4229fa92078d5ce9b2b1397d66b47e6eadd50b11a87298 |
| SHA512 | cfeab3d756bd87fc18ce3b946e52806f29457026b8b45d0b264fa1e6bfa7322e8acd75745934dfd62a809a5b1c330d892bb32c2e9403e02e00e92e90e04937da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f0b1a23792d7dea076dcd20cc6acc80 |
| SHA1 | 6066021027b20781222b0985a44decb0ffec9ed9 |
| SHA256 | 78e6f4fe1614b2a53300e7ca7356bcaaaa04dcdf6036d11e7b86036f787f57f8 |
| SHA512 | a4b8bcd9daabfa5312fdce583fccc65756eb3fec7e7ba88a89d5ea6a36b1054505eeccf18c09c0f4eadd79c3ed18b9e833c75004715092d210bbb936a8b2e62c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a64443543331dabee667df5dda95500 |
| SHA1 | c6aecf2fc4f84f891a053b33c81be8612b2f885c |
| SHA256 | 698846a46083725e7410d9093946cfe4af91c868efe752c8c8b28e6434dcbdad |
| SHA512 | fe4b341147b4b0b179d953d609000aae2559310a3fdd1120a47a255dc447a788903780e50c5f6b1b083ffe0a907297294a770497b73ffbdcb247936ce3c37975 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 77c6799c369481eecf672ef135c3e847 |
| SHA1 | 182b3286d605927a200a42e7edbad01398d7a85b |
| SHA256 | ab60b6be00f6c98ab6b6253e767ec12cfd27c64de82052e16dd72a55e59382d5 |
| SHA512 | 82a3bc4bb5dcefa58e9b1c6e49c694d6364e7a99987c048bc1e69443e176f7f7e8756d8eee30e2a611c8795545e5cb80c9518beaae6af7c8305addb6d679e4db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 57996df86812e8e610ba48eb8eef890f |
| SHA1 | 1b61d9ffe80d851eff34a8ff46bae9a0a02c52e9 |
| SHA256 | a5bb639b7cfbb1c6d0db3be6b04e17a5122ef7e218c30788f8f5723771ed8041 |
| SHA512 | deea3a8cd8dd95c0b4e5be774ee9a5970fd7f0eb3dc71968a69c00f22f925236b667fc02de270f8fc38e941ae655d8a4542df2276898a61736688a47ae06f2c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d7e9729545b095ffcc2ad7b167b612b |
| SHA1 | 65d210847a5571028661a3bbbfefcf337ac2727c |
| SHA256 | 48112b4d5728477eddf7a353d78bff794b8db6013ebf4444d105251a77361736 |
| SHA512 | d88fe57649d6264f4644419d00f54871bad71bccb1c37fac1eda4302ebe4b3cb7431d981dfe624dcf0f8b2e96958166afd462c1cb571560686a6fcbe4ad89dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c68244e913e6deb2a47e472ad3fb1d0 |
| SHA1 | e2521cb1d02e93932305e4dfed5a9198a3ab87f0 |
| SHA256 | fd085531839b5926c6637c74fe9517e2a0b5b5edda06d0d46a58acbc89ea1a1c |
| SHA512 | c7d65b8ee53d8ebcab01ed82ea2f10d0f0a3c1997fff36af25aea7b5333097d81e0ddc6094d06d969c808dac427ed04126ce0427cbd8b586ab9ad9b882c23a8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7f6dd5933c2b5635e57d322a0d7bcae3 |
| SHA1 | 637e2d0c37275adc7c43789cea67010182312fa6 |
| SHA256 | ae32ee1098483c8ef16c48fa11195434bb4e98361f5e4fee690f47f66cb06fd6 |
| SHA512 | 874f502ddf37574ce07dbb50fb1a6567687e698d0caf3b2a9ca36cf6a728ff3d5a335278291f6ea5b78b0420c21ee2b9567cedae1372712fbf399b107364a1ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f7130ae71ad1e6cfaeccf8423468374 |
| SHA1 | 9ff51fdaeccec37637c7d423b2d33cefe156ed54 |
| SHA256 | 07f4c7b69d6b5affc1202dbcd64ea7bb9fec912c7b246b9e50146d2b394e000b |
| SHA512 | 25b02980c8f393c93079ec62340d996a753e2259ce3bc9e66691d41579cfc8411dfff4bc7dd70dd2654adfe0e85c146881511803dc808d2631dc35210bed9d20 |
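Two quick triage checks over the Network and Files sections above, as an added example that is not part of the sandbox report. The first recognises file hashes that correspond to trivial contents: the crashpad pipe's digests are those of an empty input, and the Network\*.tmp file's digests are those of the two-byte string `[]`, so neither is a dropped payload. The second turns the PTR query name `170.201.250.142.in-addr.arpa` back into the address being reverse-resolved and flags the 224.0.0.251:5353 destination as link-local mDNS multicast. The sample rows are copied from this page; the function names and the small table of known contents are assumptions made for the illustration.

```python
import hashlib
import ipaddress
from typing import Dict, Optional

# Contents whose digests show up constantly in sandbox file listings.
_KNOWN_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}
_ALGS = ("md5", "sha1", "sha256", "sha512")

# Digests are computed at import time, so nothing here is hard-coded from memory.
KNOWN_DIGESTS = {label: {alg: hashlib.new(alg, data).hexdigest() for alg in _ALGS}
                 for label, data in _KNOWN_CONTENTS.items()}


def classify_hashes(reported: Dict[str, str]) -> Optional[str]:
    """Return the label of a known trivial content if every reported digest matches it."""
    wanted = {alg.lower(): value.lower() for alg, value in reported.items() if alg.lower() in _ALGS}
    if not wanted:
        return None
    for label, digests in KNOWN_DIGESTS.items():
        if all(digests[alg] == value for alg, value in wanted.items()):
            return label
    return None


def ptr_name_to_ip(name: str) -> Optional[ipaddress.IPv4Address]:
    """Reverse an IPv4 in-addr.arpa PTR name (octets are stored least significant first)."""
    suffix = ".in-addr.arpa"
    n = name.rstrip(".").lower()
    if not n.endswith(suffix):
        return None
    octets = n[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None


def describe_network_row(destination: str, domain: Optional[str]) -> str:
    """Summarise one Network table row: multicast traffic, reverse lookups, or plain traffic."""
    host, port = destination.rsplit(":", 1)
    addr = ipaddress.ip_address(host)
    if addr.is_multicast:
        return f"multicast to {addr} port {port} (stays on the local link, e.g. mDNS on 5353)"
    if domain:
        target = ptr_name_to_ip(domain)
        if target is not None:
            return f"reverse DNS lookup of {target} via {addr} port {port}"
        return f"DNS/other traffic for {domain} via {addr} port {port}"
    return f"traffic to {addr} port {port}"


# Rows copied from the report above (constructed sample input for this example).
REPORT_FILES = {
    r"\??\pipe\crashpad_2764_MJXHTNANDBIYSPTX": {
        "MD5": "d41d8cd98f00b204e9800998ecf8427e",
        "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d1c262e2-cdf8-4de3-bdd6-69c6e036cd4f.tmp": {
        "MD5": "d751713988987e9331980363e24189ce",
        "SHA1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "SHA256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State": {
        "MD5": "5445679550a22674367064eaea4d781b",
        "SHA256": "0c0c2b7ee1fb36d7e0db90cec6e19dc877ad55825fb8e2073ef21e8ba24caccc",
    },
}
REPORT_NETWORK = [
    ("8.8.8.8:53", "170.201.250.142.in-addr.arpa"),
    ("224.0.0.251:5353", None),
]


def triage_files(files: Dict[str, Dict[str, str]] = REPORT_FILES) -> Dict[str, Optional[str]]:
    """Map each listed path to a trivial-content label, or None when the content is real data."""
    return {path: classify_hashes(digests) for path, digests in files.items()}


if __name__ == "__main__":
    for path, label in triage_files().items():
        print(label or "real content", "<-", path)
    for dest, domain in REPORT_NETWORK:
        print(describe_network_row(dest, domain))
```

Anything that classifies as trivial content can be dropped from the list of files worth pulling for inspection; the Preferences and Local State entries, which carry distinct real digests, are the ones that still merit a diff against a clean Chrome profile if this detonation were ever revisited.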