hxxp://www[.]google[.]com

Analysis

max time kernel
300s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634381675557191"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2524 chrome.exe
2524 chrome.exe
4756 chrome.exe
4756 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2524 chrome.exe
2524 chrome.exe
2524 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe
Token: SeShutdownPrivilege	2524	chrome.exe
Token: SeCreatePagefilePrivilege	2524	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2524 wrote to memory of 4424	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 4424	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 1940	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 692	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 692	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe
PID 2524 wrote to memory of 3988	2524	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1710ab58,0x7ffb1710ab68,0x7ffb1710ab78
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:2
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:8
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:8
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:1
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:8
2⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=948 --field-trial-handle=1912,i,4324599378502636703,14007790215774022414,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4756

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1112

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
8c3b83eca9e964b04720c3bb4c6399b6

SHA1
5c4003db7f906d2b0c41877c401307849c5efdcd

SHA256
45cd1db2ae97411db9b428c93d8c5191bb919ca67def8a50b119c5d58c9d5ae2

SHA512
2fe957db280a9b4d4c8c101b8204cf035c9e2bd2b56304b451db2eebb3d1b45edf8d6307577130a853865a435017d2e72e9b6f69b2aff48057e0c87b074460ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
786a017ee79207f424fd563bc7368474

SHA1
e901e7ed79a057424ae351b3dde3b56ff892c9c3

SHA256
4ba0aed496b400f2f45c5dc5d4e079c0868e1d714cf0826d2413c42339deba82

SHA512
b9d0a50c22bab0d046ef700f07d0f7f39b884402616bc3ffd7cc857f894b010adadaa3522b85d23ec1a0a868e113cf77413a2998d06a6c7e03cb7ba1936470b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
6dea4e864e86babf6ade14c22f4b321a

SHA1
c50b9a8b1502f162988e397a8c15e385e6253ec2

SHA256
19cc63742cb51926aab3a366aa13fd0ddf156b23835f026cdc81a76c9068646b

SHA512
d8801575d5de8b32d41ae370616e1a2712737642dabc38134b4eb7c9e8a4a0a06cf49e6e78e9453f21d89274d6494abbb9a5af77d751cf035eeeaa344963ef5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dadccc06-9567-4319-96cd-0a622b968e47.tmp
Filesize
2KB

MD5
77929e6af28bbf22da710b6355dadf78

SHA1
2a5742cd80d16f4a73d68f9a1597d0684ed753fb

SHA256
f7643adb00cee03841c788c6affe00a22bae106e99aae86c2e8c9dc143acc050

SHA512
24ce8d6292b48efc902c0c898a2fad47666d750dfb57afe780925bb38ef54e9c5c8a6fc13b0a32c34aedffab5ecb1e9e59ef9874dd925597d17e27dbeca42cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d23235ce09a6727fabfd933adee75a97

SHA1
65bd5c184b089e4ca09f38995e260dc4d1de331c

SHA256
94c005ba92c73e7523cffcd7b48f3bf72a9a67176707777cc9d75c8e9b0e4524

SHA512
b5847475252041fb2053611e0277e1e21ff135d8e25d49cfb8e514dbb91237a42de26db26a8d594ffabafd203e35fd70f67fe8be3ff56195e58bf6a0f3a8b520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
d3be8bdb3afbbf4e6ac6508add839cd2

SHA1
d2eee871c458f93434b6093dbc0d81f87075687e

SHA256
dbcb16322a46621bccd948270f5895e137eb86b65857c5d61a827641ddc0fb03

SHA512
4ff04830d12ab2af001a68d922f3200ef7dc16bd2a526d1b3b248a1596a5c9b4ff6bc692103d62ef0faf64a662b9509f4ea747d7e67062599db2f45a0d5561bf

Download Submit
\??\pipe\crashpad_2524_TEVETELYPRDRQCKW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit