hxxp://wickedhumankindbarrel[.]com

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2023, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wickedhumankindbarrel.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238079806510985"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 1028	5020	chrome.exe	86
PID 5020 wrote to memory of 1028	5020	chrome.exe	86
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 4000	5020	chrome.exe	87
PID 5020 wrote to memory of 2688	5020	chrome.exe	88
PID 5020 wrote to memory of 2688	5020	chrome.exe	88
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89
PID 5020 wrote to memory of 4408	5020	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://wickedhumankindbarrel.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7ffc5ab29758,0x7ffc5ab29768,0x7ffc5ab29778
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1812,i,7969683377491272105,16074067579442855836,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
830cfa9448ed02ee4cf38f101a25797e

SHA1
3a8d2389ca500c3db925fe7b78e2ddeaa98c7e9f

SHA256
a543a00762acf166537e4e62075028436c3f06b8905fd60421a2b57938d48675

SHA512
895312f0c641d9f2686e8bfd5c80c393219c4774bc1a8e7274e477aed792178b7aa2081955e23edf377fbd64246c865a9b7ca307de46bdd0421074f7c2a58a60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
36fd8f0ee0c6dd868dea43e24f8bf416

SHA1
b9c20744041ccd7fe998b89a8b271091d831935a

SHA256
eda91240c86ec55171ed8925b2aec8c7f6e78bb4219a12e917ef9de6b833e80c

SHA512
51b1b56b864eedd320c514228fe940ff08d5774ccbfc448105fd8a532ff19a4683d1f013122a4019d820ea0b38bddd610f042cfa5177a02af023d6a133897389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bb79ff729fb5e54b9a533de1742c93c5

SHA1
e63890519b4b227eb852f078d8343b88a7151e69

SHA256
045eb0e5905e1ff792c637a6fb64a6cd816ddf89bd4110f6f57ff552885f3213

SHA512
ac09e24aed00ef1516825d8e83e780bb73ba334a9b174a8c1a3f4054f888cb11390466c06b2bb827a89b3d4791c26e093f7609365c7bf3e8cc1c140154ec1445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
869a300ac3e30499b2c6dbe4b7e498d3

SHA1
ab445eb229fece1da8ac82caee0a5b5375dffdb5

SHA256
7006f6ea0406fedd69d6508144f56149a22b49299eab7a5c1324aebe44946a15

SHA512
2d416374b9f394959f26c922b6eb35c6855d2b290f5cb15dafd1409e47522dfc9c01b9eab99136d4427f9f96c2de76faed7228d04295902a3da60a1193afa5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e841a4868dec02c82b6689d535abe14

SHA1
06df52c681fded06c5390787914a51f795c670b6

SHA256
591e78a512168b8ef8bf38f8aa90724da43afeda6d46cb1eee08b7d619664e50

SHA512
a6e8ae2adb6200f4885e08a39b414bbf02e28586938d0657bf46046f31b0b0cd2a66def6dc8cd9591cdeb9b0ff32de9de2af768a832c8cd23a5d49788036813b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
352e6a055c6a74e97487b9ce3d53fed8

SHA1
66ff72c0693bb011588b6e933bebae840c342ac1

SHA256
11902bc6b8db1ee4f8d99c559480b502c324a0b6a43cb709ed73cc62d435135a

SHA512
a5af18cb5b39a892503a2d8c498ae0f18e991c7e1b5b7ecabe615005c078cff9ed2195515ec158d45d73eb7af3b333ade87858f2b272c9e880b0162809d95bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ec3b0ae3-1ff4-4125-98bb-4466a4ebb7e8.tmp

Filesize
5KB

MD5
bddb148d53be436a5402ac986aa86de9

SHA1
9164a3f152eafd1dfd6e93858a8611ea655d6d59

SHA256
b35c14de3928169d46d7bdb331c802acf5a70f08902ac9e8fa4eac3b7d815cf5

SHA512
92b977debe60e82955877606794839b59886439eb3be53fd3462157788e58326741e61186aea203ba544cd25b7dc6f0e6a42653ee28f721729ff9a44d2f46cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
08a7649c0e48d3ea1cd5b8500fe822f9

SHA1
85170eacd8eaf504a4d8946bd0470cf364dabcfc

SHA256
a01a13d3ac5da81fffff5c0b04c804cb7d916c901fcb3b188a9fe5fba7d09936

SHA512
36a5fc991631fb46d4b930b27cb27ebbc4ca77b8b952d93015e7c2c81da54b75a2107d70213a8e59fd3213831904e3197c659f82506663f44b087a5bda63ad9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit