hxxp://199[.]60[.]103[.]228

Analysis

max time kernel
151s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://199.60.103.228

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238969897549421"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 5100	4600	chrome.exe	87
PID 4600 wrote to memory of 5100	4600	chrome.exe	87
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 4420	4600	chrome.exe	88
PID 4600 wrote to memory of 1008	4600	chrome.exe	89
PID 4600 wrote to memory of 1008	4600	chrome.exe	89
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90
PID 4600 wrote to memory of 4772	4600	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://199.60.103.228
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab6b39758,0x7ffab6b39768,0x7ffab6b39778
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1812,i,14319389105194656096,17604415029376203674,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
80bf6ff8453fbb6a2f0d2a86c9c2975c

SHA1
92302d9f2eaa7ddac3d8edb00fac65c2e0cec6a5

SHA256
16965b99a954f0062802cba28fcc3ddf79b1cc02df01bd357f83fcc982def308

SHA512
fc4639d9636d77b81b300798b1276ac86780d6ada1ec92fc2a5b222baec1407c3fa614c04e0d9e46159a2ba8ba5fce05dd44f683104be86479be0f99152b3478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c081444709bfe85e1ccd43e905ffdc6a

SHA1
b230b9fc58d5ec346372310438dcbedab6360f11

SHA256
845d371087aa7f1eb5b7b82bca436b18fa8806658566211d543c472f71f0e1d2

SHA512
52e9082c16f65143a1edd24dee4a2a76ecdab60bc2c51427c0b23b3513108bf9d41a2367d7b4676aca555d8b1262ad5faffee96baec5df00d122112995ac3f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
8ac65c549e7e46cb6120cc7dc5c4ed53

SHA1
a890c9eb48840b82c0497f463877feb058857102

SHA256
5a5d59c29a1202e9f3ed9363a39eaa0abfb205d0de324e00906c83b4b2e8c178

SHA512
fa84a26e8e77594a8702ea73d4fe58528dd99e60c1201556488633e49a20dd282617b99a6af5807f5e3c067018ee45dfc5c34cfc1ea83cc906c7dd3f287b77a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
211e009037901ec8d777569838cd6219

SHA1
1485c87c0c2cf25241d3e82fec0eef7daa109405

SHA256
5ae4febc43f845d3107b367df362a9d343c18687ffc2ee06568e2206e65e79b8

SHA512
68ff1c5178fa1d1658c2b2cb335b511a2fd41130988e58cf491f8f9782bf98008c5851206bdf07f350a9aa1d0727f8e3af2a35f96716a50e5944ff44331f1ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6305881a4f778ed56ac5f4a4ec58e64

SHA1
07668fa470c21cf821c605bba89498bb55b5d282

SHA256
b9b23bdd58015a32d27e7a285616c2d830e5dea835c66530501bd7af523af45e

SHA512
12165fef1d4d15c70ca735dfe2f06cc741c71dc247c13dcccc0f66d2d51371018fe89a9630e81e0dc198fac34a73bc69be188e5033aea81eb7b352795068db49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3544e23b95d54a844fa194e4bc9944c7

SHA1
a6b9161d99d1a35d6fbc4b9015cfc8382faf762f

SHA256
cc08e3eb5824b7993c5499bcedaddff2a5d78ca5817d70bae53eeebd3fa117e5

SHA512
fba06a6ea1c95de5f1c3d9c75afeb47144557b118b3b6420d827493418c85096bec7fba193c94bf8a88d0168cf0788bace3a339055932f08d5c49226a0e6541d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
a68ed04b915a5a135116c6ccc54ed22c

SHA1
e1477df8fafe27454df7b9f9103d15df325f6782

SHA256
ca13c5e95c28327402f22ed6d3a78312792175e0dd7958a3d2d6cf23f2379632

SHA512
d56c9a87f7080f0cbf4c5f56563448960aeea7c49ce9bb50d27eaf2b3f5a8f8834344450fde2866ceb7ecebe08894b0b0f80adaccf21cd78f113145903cb8d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit