General
Target: https://quantgrunt.com/uyt/?e=amFuZHlAYW1pY2EuY29t
Filesize: N/A
Completed: 20-05-2022 12:28
Task: behavioral1
Score: 1/10
Malware Config
Signatures (6)


Discovery
  • Enumerates system info in registry
    chrome.exe

    TTPs: Query Registry, System Information Discovery

    Reported IOCs

    description         ioc                                                                    process
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  • Suspicious behavior: EnumeratesProcesses
    chrome.exe (9 processes)

    Reported IOCs

    pid   process
    3904  chrome.exe  (2 events)
    4224  chrome.exe  (2 events)
    932   chrome.exe  (2 events)
    3888  chrome.exe  (2 events)
    1640  chrome.exe  (2 events)
    916   chrome.exe  (2 events)
    3516  chrome.exe  (2 events)
    1328  chrome.exe  (2 events)
    4224  chrome.exe  (2 events)
    2484  chrome.exe  (2 events)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    chrome.exe

    Reported IOCs

    pid   process
    4224  chrome.exe  (4 events)
  • Suspicious use of FindShellTrayWindow
    chrome.exe

    Reported IOCs

    pid   process
    4224  chrome.exe  (26 events)
  • Suspicious use of SendNotifyMessage
    chrome.exe

    Reported IOCs

    pid   process
    4224  chrome.exe  (24 events)
  • Suspicious use of WriteProcessMemory
    chrome.exe

    Reported IOCs

    description                        pid   process     target process
    PID 4224 wrote to memory of 4132   4224  chrome.exe  chrome.exe  (2 events)
    PID 4224 wrote to memory of 2108   4224  chrome.exe  chrome.exe  (40 events)
    PID 4224 wrote to memory of 3904   4224  chrome.exe  chrome.exe  (2 events)
    PID 4224 wrote to memory of 532    4224  chrome.exe  chrome.exe  (20 events)
Processes (26)
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://quantgrunt.com/uyt/?e=amFuZHlAYW1pY2EuY29t
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc77174f50,0x7ffc77174f60,0x7ffc77174f70
      PID:4132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
      PID:2108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2000 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:3904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
      PID:532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
      PID:1780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
      PID:4528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4308 /prefetch:8
      PID:3744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
      PID:1832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3604 /prefetch:8
      PID:3856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:3888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4796 /prefetch:8
      PID:1260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5072 /prefetch:8
      PID:3124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      PID:4572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:1640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:3516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:1328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=812 /prefetch:8
      PID:2236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=912 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
      PID:2484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
      PID:1640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,17606514294576433370,14816268855038992996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
      PID:2128
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4172
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    PID:3964
Downloads
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  • \??\pipe\crashpad_4224_JOJQXJDWIHTPCKXU
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e