hxxps://github[.]com

max time kernel
1797s
max time network
1692s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642176265404570"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1860 chrome.exe
1860 chrome.exe
4576 chrome.exe
4576 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1860 chrome.exe
1860 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1860 wrote to memory of 3780	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 3780	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 2500	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 1836	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 1836	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe
PID 1860 wrote to memory of 732	1860	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ff8030cab58,0x7ff8030cab68,0x7ff8030cab78
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:2
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:8
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:8
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:8
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1992,i,13213151018581587344,11136539704085187460,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c172fafec5bc396a04aa23e98cb17927

SHA1
6d4ff7f1cc5f32f91f181278910079602dfb7d68

SHA256
f6d5749ee3d85cea05bad0ce44541d73ef792c132d1aef8c12d82f3e2b76a592

SHA512
0436631d5b6e39c990422954885782a7e6cba42fce2aaefd499d3f9ff5c969144cf55e928569f43c9fe31e2cf630910c7812eb142c45aa25584d68192e0f0c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ec32a42ce79b825d7ee378ede063dd70

SHA1
5d2b5f705a538550e8178238112f28ae8d7b10cd

SHA256
0f4165e0911a630a61e9b59263ad504332e20ef6315fd617635794da1a9a4b74

SHA512
02980965208d670e65b063e245429f7ffcaba6970ac314fef4ddb3a5523cc82ef3b4cec838a7e664fa004ae8a31c597b0c9a0e4d20ca6ba548f4fc0a3a560544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
545d8e6bf2e5d7d45f3344cc203901ea

SHA1
e3d5c4caab14746aabdf897e551ce709a2fcdc39

SHA256
94bef2080589e1cb3b8b2b78af1ac5b94035c3afdf9c4ca1eeb8119adc5cbe5a

SHA512
cfe80ea81e137d9653762e89365e3dd735bcf6226779d9a60b82b20771054d6649104a21e074d467e6e3c1d77f59836104167c6bfc4dfb3c3d3b7371ad192b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
80de048784c334acdd8923cac599d920

SHA1
6be67186a443c36f2108462d2bf045a21f7588a3

SHA256
d5ceefc93be39b86febde948da4577e0e30b5f93bb48b485b672e4625d04c082

SHA512
87823e5fb6ad3a0abfce8e420bfb712e14c13cecdfec005e00487def0e17256f2a9426eabedcc1d81f1b0e8b860187e3572704da54825a7dae0d2e35e88c302f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
e382df287e19944bdaf980f9cdf23f57

SHA1
a4f64c62515fabf414c640880c828fc54466e9ef

SHA256
51cdcbff8c97f1a2060de7c103a0eaf39fe8767acbb302bbf220b3ccca568bec

SHA512
64455144d033f562a17f0cfdce87409de3ee75709dc87095a6157579f7cd7b50cfc21fc054d91f89b790a22eaf722df1374467bffd8885b906e2dc8a38b7ba70

Download Submit
\??\pipe\crashpad_1860_IJSRRMORSCYLKBQD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit