Analysis
max time kernel: 73s
max time network: 74s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-03-2023 10:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.numisgems.com/-/English/
Resource: win10v2004-20230220-en
General
Target: https://www.numisgems.com/-/English/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description     | ioc                                                                                                      | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133225763383467895" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  | Process
2620 | chrome.exe
2620 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid  | Process
2620 | chrome.exe
2620 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2620)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.numisgems.com/-/English/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4072)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa90389758,0x7ffa90389768,0x7ffa90389778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4764)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3876)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3028)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4736)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1568)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1656)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2140)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,16480291322676173436,6213932499881191799,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 912)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads