hxxps://www[.]eaglegunrangetx[.]com/?y_source=1_Mjc5ODMxNDUtNzE1LWxvY2F0aW9uLndlYnNpdGU%3D

Analysis

max time kernel
45s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2023, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.eaglegunrangetx.com/?y_source=1_Mjc5ODMxNDUtNzE1LWxvY2F0aW9uLndlYnNpdGU%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221419600626186"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3396	4116	chrome.exe	86
PID 4116 wrote to memory of 3396	4116	chrome.exe	86
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 888	4116	chrome.exe	87
PID 4116 wrote to memory of 3932	4116	chrome.exe	88
PID 4116 wrote to memory of 3932	4116	chrome.exe	88
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89
PID 4116 wrote to memory of 228	4116	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.eaglegunrangetx.com/?y_source=1_Mjc5ODMxNDUtNzE1LWxvY2F0aW9uLndlYnNpdGU%3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff30829758,0x7fff30829768,0x7fff30829778
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:2
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1256 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4796 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3872 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4952 --field-trial-handle=1836,i,14820441871069784428,2111161656547935638,131072 /prefetch:1
  2⤵
  PID:3268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03412cc706e2a1af9ec91538e6e1e562

SHA1
11b88448140c2d80c330ff1c77035192dee6276f

SHA256
e528ca6c4b6ed6976cb7a796e94dd830a54c923a68f757d3dcec7445cacc2f58

SHA512
6dafc9f7590ce33d17591ed3ae2fc07d7d63f5fd2b04683af96de3a951c1075825244def2ae9e2decbd7576f454040fdedf20b297615cca446e09ded079a44bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eeaaeae84efb548e7d92379a7321ded7

SHA1
964c7ba9f916017af0d0dc894f36cab88e4f3d06

SHA256
6519dfe27e95e7cbeffa2893888207ed294e01dd83a85d55b19c9f07bd40d8d3

SHA512
731620eefb7e1a33fbc8f99ba5bcaed17230d12be08a0d30883f53056003a00c7adf4edc668eb453c2404873b611795cbb68c4141aed0a82b78999b767f859f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
515ad4313e64cba917d0dce494c1b70a

SHA1
fd2f79bf77e2fbc50b8d758aa81cf098c89e6658

SHA256
cedbb3a9a57266cbc7a9eea22b71d1a5d022cc5d036872284fce4581b32734e9

SHA512
c7dd1d5295e85d6ce7076401b092cab79c58785d022d4c494c6aa46f25e02ab886ec9d36837174052a78adbcba21d4d77ec50179167c93f63ff36127aa4017db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
f51b1de05e14a13cd9207b8cc42b7a58

SHA1
1161a517fd1961996722b683c7c22e8d9d3d3430

SHA256
83194e208fa01d71412929783f280342dd94d5f557cc1ebc34542c20a0db7f40

SHA512
eca81853b63f2453f75c407505aac22f9a5f156187f405afaf20a5f5ef02ed10f971ae440cb957d2747e367460115fb7f462465b04da6f36c3411766f74f259a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/888-136-0x00007FFF4EC00000-0x00007FFF4EC01000-memory.dmp

Filesize
4KB

Download
memory/920-160-0x00007FFF4E660000-0x00007FFF4E661000-memory.dmp

Filesize
4KB

Download
memory/920-161-0x00007FFF4DB40000-0x00007FFF4DB41000-memory.dmp

Filesize
4KB

Download