Analysis
- max time kernel: 150s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/03/2023, 08:42
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://hr.domru.ru/mira/s/JPqavW
- Resource: win10v2004-20230220-en

General
- Target: https://hr.domru.ru/mira/s/JPqavW
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133226557590221513" (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 220, chrome.exe
- PID 220, chrome.exe
- PID 3952, chrome.exe
- PID 3952, chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
- PID 220, chrome.exe
- PID 220, chrome.exe
- PID 220, chrome.exe
- PID 220, chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (59 IoCs)
Suspicious use of SendNotifyMessage (56 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 220)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://hr.domru.ru/mira/s/JPqavW
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4732)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd48829758,0x7ffd48829768,0x7ffd48829778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3352)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3660)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1664)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 528)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2880)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2444)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4976)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5184 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1276)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4816 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3952)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=960 --field-trial-handle=1812,i,12640322242488078301,6199259763040580027,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4432)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads