hxxps://3c88539f3922aa17bf02-16e38a7127e89e8b578aa85a77de029b[.]ssl[.]cf1[.]rackcdn[.]com/TackleDirect/2020/Footer/FT20_07[.]jpg

Analysis

max time kernel
151s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10/03/2023, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://3c88539f3922aa17bf02-16e38a7127e89e8b578aa85a77de029b.ssl.cf1.rackcdn.com/TackleDirect/2020/Footer/FT20_07.jpg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133229144029636740"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 4116	2568	chrome.exe	66
PID 2568 wrote to memory of 4116	2568	chrome.exe	66
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 3876	2568	chrome.exe	68
PID 2568 wrote to memory of 4424	2568	chrome.exe	69
PID 2568 wrote to memory of 4424	2568	chrome.exe	69
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70
PID 2568 wrote to memory of 4740	2568	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://3c88539f3922aa17bf02-16e38a7127e89e8b578aa85a77de029b.ssl.cf1.rackcdn.com/TackleDirect/2020/Footer/FT20_07.jpg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff91c549758,0x7ff91c549768,0x7ff91c549778
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1916 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4460 --field-trial-handle=1776,i,9644803743801849117,5603173101477312119,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5bbb7b8c-36fa-4c63-9d73-382ea7da2329.tmp

Filesize
5KB

MD5
25ebbff2fb725908db88cfd272bb2b19

SHA1
2d6c20a2422e6c37287b7f6b8d62a86a6ca55835

SHA256
af8393dfc21c16d2c27c8de4a20ae67ee6cf782bd652d2ec5406f528d5d6dd3e

SHA512
1a509e5f50cf4dad10c26938f7c0f31a5441ef4c91b6c9c55533a66860d83bcf8bbd19a9667b88bbda9e01bc7241d5e3c05851e06fd6518112d5fa6311ed6db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b6076d8ef351ee62ce0a36f177e132d2

SHA1
d1efaa8c1f0061226583eaba150a8835f667c91b

SHA256
e9a4491bef4121aa6c345261ec854b67d383450905ac1b3b80a09a2c8087467b

SHA512
e99ac5cdc234ce2e8a81904bb55495f7dee08e883405979e2ee2857b38879c2c89c535c47d36d92fd58731ba138ecef7379c2357477d1eb8caf634ddeb646c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5d5620db2dafb3fe42ac3053a2f82384

SHA1
08a5d35bf6d9ae5a929b6d1dd018a55a3c077330

SHA256
2dc719f49c5afc4fa108ddac034b548f163395ed964d11af698c6e2206ca4cba

SHA512
bcaac88399efe1d193171fe3342d4da482e0fbbb270fe10ff869230221342257f608f09526b000e0fbb73d4c1e301e18fec40bc630b9f8bb21cd961ec9ad5612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
52047dbb82c5aa9b80f7641786d4aea3

SHA1
8be4cc3f59bee8c72ca99777bf8d7e641d02d0d2

SHA256
359aef79df825d4d7d516ac112185a115b50228c22636db33decfef6126da7ff

SHA512
884f67074c9b1b8ba447cc291098e3aa1fad6bf8e43ad8b5b63d8d46768218cb845a64bba4b5eb9bf5617da14b6c9f29e342d60c8396a40ebdacd359ba613c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
6483ac45deff0eb61046834d3d11f476

SHA1
5f03c816cef8782503b9652bbd089f84ca7d056e

SHA256
932d28edbcd83b2522b13062bcc0c1c546feaee4c70003d9b2e74989dc66a666

SHA512
05cebe45a9b39f28f95c5d5b049eb85c9ec29fee01541da2306dde00a373843e58038967e292ec32becbcd089b78e293e77e06a3d09430f17084ddfd5a7dbe6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
8b13843683ebd92594a439df78d84e89

SHA1
fcde0357c11e7c7b1aad9a88ac854741f47dc016

SHA256
7ee0bdce6ac386000b31bf06ea885c3c2d63142aaa60615bf46fe62b7215714f

SHA512
07be6a5866e89283e460ca02968d52444970bfb6f897d21804e2069ada0d6b1da85c78cf50c6b0110e55cd070dde9cfe7434be2c91e5fac0a76eaf30a04f94f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3344-173-0x00007FF923270000-0x00007FF923271000-memory.dmp

Filesize
4KB

Download
memory/3344-175-0x00007FF922C80000-0x00007FF922C81000-memory.dmp

Filesize
4KB

Download
memory/3876-124-0x00007FF922ED0000-0x00007FF922ED1000-memory.dmp

Filesize
4KB

Download