hxxp://www[.]lamtec[.]ru/

Analysis

max time kernel
114s
max time network
116s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/03/2023, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.lamtec.ru/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221204159100871"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3036	2932	chrome.exe	66
PID 2932 wrote to memory of 3036	2932	chrome.exe	66
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 3236	2932	chrome.exe	68
PID 2932 wrote to memory of 4724	2932	chrome.exe	69
PID 2932 wrote to memory of 4724	2932	chrome.exe	69
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70
PID 2932 wrote to memory of 4688	2932	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.lamtec.ru/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8dddb9758,0x7ff8dddb9768,0x7ff8dddb9778
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:2
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5024 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8
  2⤵
  PID:4912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
9be7527154b9dc54f0875e66b7efb5ef

SHA1
2f87f97a054d9b5751668933bfd4af8f7672b171

SHA256
53fbdb95cbb79b69b3aac89f5c2765340fbe1d000f1dd31a10522f07ec4aab9f

SHA512
395c06a78136246c35ed7609c14e2362d7a7602a74d5ec5ef68423678cbb450f396c48355d8668a785ae111cb4915d6ee527df9e97a6248d2d38ed9b85e1f43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5f18d53efb3c13269e462558ac50fec3

SHA1
9f7ea875a22ed32c52cc68c49695b5263d9a4052

SHA256
ee6410198e069dc350cc71b11e575ef7232dc8b6ee451c15437fd9e47981549a

SHA512
fa3c0a993fc8381a82d00bb6f0af90d4fef1860d4b4cda1cf32393febf06a2c1094ed0e2b5cf01d3e57bc9854ba498187772f0c904ba6da80e6c175d1e36b04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
e5d1657fa194dc6bfca6df4e6ba1f39a

SHA1
3a86ef4cc089a2b862ded5f8c885a204cbb91836

SHA256
dba4c9a902dbff4b61dd3ffb23f9a9b4ed27fcd17057707351ca8f57cb8b4960

SHA512
74774f9bb86924e15eda01b385478461ddff15e27f4ecfe7d1e82a22626b7a4c023f88c8e29a3409a40d33f36e78ae3191b1a465973c4e3e28100a1d872a28b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
08c602cad1f79da49c1fd43d57e97690

SHA1
18ab110b750193fbbb1502101dd012ec1f1f65ce

SHA256
3368605b25ee31a919ac81fe00166af3ed3ffc7e51290450b44b264ed5a962e6

SHA512
03f375d91d1606c12137dedb7fdcf684f6b896f3ea00c3880f5ba14c9e076847c0fec992271ac6e2387f2afacb5ba9cde5bc47802fb947b3ffb9749703285468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd00f5ad29c6a00f6b15896adab08c12

SHA1
cf87a538bfbdfda02ba7feef023d820f9e17b225

SHA256
c3dd61b6d642865e8036d04fef3bd77ddd38dc910c728bb01db2cbe1d7cd6680

SHA512
be0254ab74207ce95fd86f70fc3976e9dc97ea2d59c7f8fa705ed86be58708d4ed5158a0e48e1864ba128dd64b642f3b9c6b59ab325cee86bb57315de07147af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dab917bf2c531ee09948a4d119b03bc7

SHA1
cfc4c859150f33614b03eddf7afecb20042555e3

SHA256
4291fcdfce8b8728169c3911ca6d86efe258a3ae250b6d9ac304a7f4b6dd9a7f

SHA512
a73e18590cacb6b99c4f2abfdbc8fc76fd0bc826dbe931ec39ad099428718f664ba1b69287259c70ad03eb4c93251175b500d261cb584b2ec01e86e63f5c72a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
b1daa240b7b53a73233509a378a3f613

SHA1
38a3d120b9a0c0f94a7248eaf2b569e4dda16977

SHA256
d3a5bd9e5a5f6ff5607bd77989c1c2de449b3dc59405983d984b4e44f49d022c

SHA512
574dd4394f012f80f4d7f89b087f29d9b31ff9f7a5d935d560f9610d049a3b81d44b58364c9d3bc0850d8394ea6be97c423acfe9546fb4c9f16bdd72d2c16f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3236-130-0x00007FF8E4920000-0x00007FF8E4921000-memory.dmp

Filesize
4KB

Download