8c8bf4b4b848c6f7d5a9a6f953fd0f708de20da78a9cef93f6eade50d1ce5143

Analysis

max time kernel
54s
max time network
50s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01/01/2025, 20:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

about.html
Size

48KB
MD5

87835dd161bcb204279591e875f62417
SHA1

ac529d9514a7970239dee048672908c8b378cfdc
SHA256

8c8bf4b4b848c6f7d5a9a6f953fd0f708de20da78a9cef93f6eade50d1ce5143
SHA512

87654c3f2f0821049da50212a513c73ef8e0405b67336c414cb92dcb1d21e37a7afabe72d8f59dcdba0ded011417f2a739678bcd5065372fa6b3dc8f7342e3b3
SSDEEP

1536:WpAuptIusn0wKeIP2vt81vWhFiv+v+v9dml2MsPon+X9hJlcCkhDS35R3BigSvfu:iQl81Oh422l5T8nhGak

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802382853304380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4508	396	chrome.exe	77
PID 396 wrote to memory of 4508	396	chrome.exe	77
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 3108	396	chrome.exe	78
PID 396 wrote to memory of 4816	396	chrome.exe	79
PID 396 wrote to memory of 4816	396	chrome.exe	79
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80
PID 396 wrote to memory of 1464	396	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\about.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff947c1cc40,0x7ff947c1cc4c,0x7ff947c1cc58
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,14197325004476729045,16337083003514832632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:3788

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ba814e99f92ad8e737f203e5442661e7

SHA1
a46aebee9deba1d0b1d450eda428db4aa5d7a1ce

SHA256
24b55b4025018d3bb894196fcfebea466bb5bc841d78ee89b2dd768e0aa59b59

SHA512
7203811955cc85d9eb24bce93e9e26619776559afbf1884c552697f5d335c941b8997667b366179be3d6b964e302b66e89c3aef3fd9537665cc012c99206a004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
a90a90bd9d586a3753047c43e2f91d34

SHA1
4b9ec3039841c16fd5f33c1fe3211a833cfc69b9

SHA256
f9195dc5c632081097c45fd764bb910432671ece41ebd545d88b2b3e2bfab4e7

SHA512
1c0a956e896b582460c84fc3a00c7b335e68cb886bb66eac6347ede1621f23d4e4d4ce3bcbb3e8ccc205ff498f71be12c5ae089731ed050e1b69b695c90b2542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7190111c1a1ea1aa651b5091208c4c3d

SHA1
93a570f755969a79f6aa5dc557fef3f4d3297209

SHA256
47e95e20823823f2f180d676081d4e2d9de6e4d7fbb6901f60453ff54976abb4

SHA512
bd0d955ecefd562c7c1d61fff6e6a8d733fec625b8ba4567490e63d1551fd8e5fc56eb6f9dfb24de55e30b9bec9b0fe9be4f86bdfe77c51d0139615a1fea00f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
734b97c78cac1ea38fe12b47d43d45f8

SHA1
57aba46d3d3342f430f71566346fffaa9d81122d

SHA256
29217b9a5f1458c89f9a5a0831d14b49d6daffe4288370328091f1e1e68aa1a5

SHA512
ea4776e9968305452f8b6b253aba7bdf32ff7c325bc1684c1b23b90b628ad8ec49e8973288a4c828106e567857c0b54154283c47b733deeb755c79f6c1312de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8afe4e4faf100ed616fad638653b520f

SHA1
9fa19b6f02091f255c168ab051062db8962157a2

SHA256
0f735fcaa4d7fdbd73101a62ea2437a88443f704691ec7cc3078b23d373b2e60

SHA512
2e6234f5cb8302fd25deb6cd2e124545ce482da8978a57bd06b8632c86f0eebedf539f93efcee072643af0b0254969fbf3087e96273a7aea415e0f6349e6c625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6977ce9a5dc83abba3fdad955920ad81

SHA1
df39d4f91a347fde1a847d573e78d7144bce2c9f

SHA256
e86bbd571de00b52554bbb0ab663b2238119293cccf0b0fcf6748a6772b9c581

SHA512
ad61b902ef7ac37b4937648d4a31d946c55e31989ecfad2cb29cab5d6c645cb57aef7b2758b038944680d1149926413182728a299881c1d009d259b123e1a279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
34ce3faaf4bb965cc8cfb897524c6ecb

SHA1
305b138bd8c84a217552c1a288589b3557c4b6eb

SHA256
c41cc1e714d37fca611786f8ab4f0e98fa4ec23dea1a0d5cad1dcd51743860c4

SHA512
d41e58a82ba93930ef2213702b2412f5d438f567efdf4dd4e70e5c8ac02f11136d21e31e458b58c8df4543de4cb5e041d833d003957d18c2fe0543dabd7ff299

Download Submit