6b630bf407891744cc4604c9fda50323c07c7ee24e92d299b8ad2c0254fa53e1

Analysis

max time kernel
24s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HOM0Ig.html
Size

6KB
MD5

01ac0818034bdfb35653fac8da89fc93
SHA1

dc301e4a92973a030e044a6a5f666bf7f42c8981
SHA256

6b630bf407891744cc4604c9fda50323c07c7ee24e92d299b8ad2c0254fa53e1
SHA512

e548623291cf212fd79ffbf79f1611934ca23305037a13d6d4f1bbcc670dee2a71f956cf40092d381e0349fbbb5f766b9e6cb5789947aecbbeb981f67dad48f0
SSDEEP

192:Mme2duaPLXKfH7vZ9FA6vA8yF7g//2Kay:fe2d3jXKDnq6Hb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876333535511930"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5584	chrome.exe
5584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe
Token: SeShutdownPrivilege	5584	chrome.exe
Token: SeCreatePagefilePrivilege	5584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe
5584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5584 wrote to memory of 5296	5584	chrome.exe	84
PID 5584 wrote to memory of 5296	5584	chrome.exe	84
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3108	5584	chrome.exe	88
PID 5584 wrote to memory of 3092	5584	chrome.exe	89
PID 5584 wrote to memory of 3092	5584	chrome.exe	89
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91
PID 5584 wrote to memory of 2620	5584	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\HOM0Ig.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa021edcf8,0x7ffa021edd04,0x7ffa021edd10
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1700,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1536,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4216,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4236 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,16125287353242087526,4472398192666014283,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:5092

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
11241138789f1bb27b6cd777fc18bd07

SHA1
733e8ad853f3e7464ac834dc7c91273790142dc9

SHA256
7651c3423241f0b9385d53ae70afc2cc5b2783dbd720d689b198af237e44dfcc

SHA512
97e8881d5ca651fc9b9d81c06b5709d8bc3a9af52cc06dd10aaab806eb4d19830677c4081fc86d0de600efc3190213e5b5b8291444571f66fabeeb1c5f633f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c68f0bcea4a5234b5dfac2cd81a62ec

SHA1
65be8c2c750ebdfac42c3a2499e9806a8839040e

SHA256
1e6ab696fe7c417b2cab7b7558542eff401a4591ce3908dac7e0876714efb360

SHA512
49fbf4f8ec6b26329f4f6975701522d440f3b4501ab82968213bc8bee609a49636d6569d4f3631b1b6cd017350c095d2bc4232203167bab80cc065279621f8e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4f1c7349dc5a8ab992f8bf5341b99f5

SHA1
d95c5fa2b3bdbfe645bbf2086176b42efa81c023

SHA256
4649834f2b0edd7b2685a21084d9a1097951d063d7c67b3e4207d801a48289ac

SHA512
1db3de3ca9ca46ef348eaa2d799a22c3f8755d0b0b37f72a4bf150f3b7d1bf2f4f392f0397e610dfdc4dfc74325c32e43f3582db786c2899fbf02f05c6542427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2f927e89cd87c2e6ba535809b444c06c

SHA1
fe32324812fc97ac86e7c1fb7eaeb8d8fe8de1df

SHA256
1865ba72e4243591f3ea33ac202e969d3f5f33e04d30ad1003efb054e62b7cc0

SHA512
2c55a5336f882ac0df7c99038055c9ba4ca5dbc1c1364985d1d0c30994c3c3128919d3af0745070e2cbb2345be4f9cf29c3ab98547d8af5958a615a863d7e410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a75c.TMP

Filesize
48B

MD5
50dfc173ac6c9257df09d00c6d7ce285

SHA1
34c003a0e8fdb86f3c3f2dc9c9896fddb5bb483d

SHA256
de28eb4295e543a131c787b3215763f2c81f3952a727cded8fbb758d338bc444

SHA512
2748953994a922f5dba926ded3ea3d0673af43f73c2cb0f1f0031cd3e6b93921d993065f0f99113b66ff19760b69b964001a1428a93c906b8f64ddc37e624997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
768d5c6f3c7deff13c0172dc9083fb4b

SHA1
ee15679429012897fccfc173b40f50421551b4df

SHA256
bcdb9b629a08149dbe55c0af3f2fc3e70ff79871c976dd208cc9a494b44665e2

SHA512
6f099926792c4a1c3db66ca829568968715ec92ee89f35f4fed1ab60ea287f5715bf92387bda89b434f07c26d167c8b253346ef23c73bf62adc1c9f9d4f64864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
6b261703da9afe9c10ca659b1f130177

SHA1
46feafe628b5749210596f98ad957874a689978b

SHA256
dd583ddc047c62fa9e89003edf1a9f3b90794fddc59fa64f534f4e188e095d74

SHA512
0b72727b108576c808c4f6ba13c346ad3295fdd7fe2b600713d0ddb763b66e3ce67580211c7bc3f166b23b1da5ac497cb9cc4162eb548b3f15a39b5da0d1483b

Download Submit