hxxp://shawarmacornermilton[.]com

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2023 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://shawarmacornermilton.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133235563599419525"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1384	2136	chrome.exe	86
PID 2136 wrote to memory of 1384	2136	chrome.exe	86
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 220	2136	chrome.exe	87
PID 2136 wrote to memory of 4828	2136	chrome.exe	88
PID 2136 wrote to memory of 4828	2136	chrome.exe	88
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89
PID 2136 wrote to memory of 3860	2136	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://shawarmacornermilton.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffb72f69758,0x7ffb72f69768,0x7ffb72f69778
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:2
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 --field-trial-handle=1796,i,78442760390256273,5764652293333078361,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
15a386afd5f3389501eb5a590c4da1d1

SHA1
815e84c2f92e937240c0acc2fe21aeb437eb2e13

SHA256
11a53dba8ef4f3c6ff1c9c8e10b2a702390ab961e64b38d05d9d7a0744f4d2fc

SHA512
b9863b5628213d3346fccd214b13df271aaf8c6bf27d3ec1f6ff36087abf2d1a8cd6a71c7ba7eadf62004027b7554d62ad9175fbc74373bd6dffaf2db6a0532a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb6beae69fa1d636597159c1836a0605

SHA1
3b2c976ac0d1c739c0bfee09aa65917bb2bc1ea9

SHA256
893b02f4edab166d636da1c43fa68d7b19b09ba8457b5eb8611d9cfcf4318a87

SHA512
5eea0865a4e76ed9261164f25b0b2694cc8650cc9f896de0080f776f97ef2655dc2b4774676d8384d1be81f82c31887e631ba5de472be893528cdc46483fef56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9fe4f756aec70e334a794bbe3e133e13

SHA1
91f5122ddc21008cb45488a7d3ba16d4435980a5

SHA256
44deda12b52df153b3beb38dc6520a382b5223ccec9dc310f5dbdeedf1a1430d

SHA512
974c2472c63c469c7074ddb1022822a27848f1abc9d4b0cbf7ba73107f35fa68afff90a62a6c4b548a9dcaab5be488d8bda905f52736766dddca7fcb50fdb57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
53009e7bdfe895f7a6759488bafe812b

SHA1
fa9d43b4091a3dc70ad2a2dd647448dc2e43bba9

SHA256
9b586552d03fa0fa2bfc2b6db4c67b68ddd6585f776f02d63bfc1ffb4aa9635a

SHA512
c5c244d345c1124fce76b31f90dd5b9dca84f340eb75b9df607b6c06ea29effff6833b099f3b375876c0402553fd3aa7a703c15f4195d516be2a4e970652b904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
8926814ea5a44842828123e83715a03d

SHA1
2da9c2ac0d4d0109a824cfcdd34b5262ff4ca82f

SHA256
83f16bf5f7aca709eb8832eef31dd110e3a0e15b638b4520d91101a5e8281147

SHA512
118891a91cd8bba66e62c15c47adfcb67f11cd1832ea55c7e205c03339305daa17cd4c7b9c7b960e1d8f52fc629a86a4a12ce9189a03f51ed4f79d8ff3d4cb16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit