hxxps://bit[.]ly/4265Cx7

Analysis

max time kernel
600s
max time network
592s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2023, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/4265Cx7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239090232735046"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 4380	1516	chrome.exe	85
PID 1516 wrote to memory of 4380	1516	chrome.exe	85
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 1404	1516	chrome.exe	87
PID 1516 wrote to memory of 4548	1516	chrome.exe	88
PID 1516 wrote to memory of 4548	1516	chrome.exe	88
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89
PID 1516 wrote to memory of 1948	1516	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bit.ly/4265Cx7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb65659758,0x7ffb65659768,0x7ffb65659778
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:2
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1788,i,18250100799285364368,11323527336988576961,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
220b47377204db6b9ad529c301195591

SHA1
739ebda3dacf7d53954b62342d45a53cc9e40df7

SHA256
e3ca6024a84a530ab7b60723b0065dee6e6dd09016c3a95cbdd30238350d2391

SHA512
65a12432580f496e7c383f48179f695fe53da3b299cc604fe5761fd26ea9c637ffca453fa2e9f5e143457749d0190a54f1099f9eeb7261887f0c5e0243eef59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ee22eb54518094ce3690e0142d936677

SHA1
32d74b33955b4574908686a2a5b7dc11fcdf9971

SHA256
4b385ee44837099abb61ca8b044b9b7a7bda8d02b1c472e26a9b76f18fa62b60

SHA512
36caa22476a189b6321a6d4828219a229c68a03a492c985497370ecdca5648fea8b0c3d50003869fb3c2018ab7493d6e0d150cb286a21ff87b2dfc10cad15c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f45b71db9121285d6e8f5f55eec2e2ed

SHA1
ff3b40042bf3ee9945aac2596293df8faac87325

SHA256
d306b86bef205b73d4e5ed1395b621e0ff63cf732d2b89919af594303248acf6

SHA512
b6d470cd48474d2b007def903d7fab2d3152e042d0a5126ad3ca1497cb3229897efdb48b3bc605b37c97732e1fbea0a9c78f436ce0df13fde356bafe21e860f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2d002a6c71879ddace1c90e739235f2c

SHA1
9e112f41ffa3bc233e13f3805add2cb54d26cd00

SHA256
499e92dd34a4ae6db040f3a49a00384e1c1d83dfd95aa6805dc052c2fc8516d3

SHA512
eaaf3dc0b064329ab5fc1b70133cfac78774fb993ed858719f1ada33147d37a21b9987597f7f78aa503b5ced5ef31d2bc38418a8f802b8ab5a79466a74bbe376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46ed378e968d9e6bc7703c87d35820b1

SHA1
04fa1b8032e93dee4d074b6162f99f9c5cfe94b4

SHA256
ff6abbb644c7e306675136a0b48d8246b2bd2578de3b996884f137712a78113b

SHA512
54adc4937941d8e73cdb838b91299bcd983eb99ded3ab3dbbca256052c8b0fa676cf9a4dd20258484fe597508e86c0ac7544b00c5fb480e9e2d5fa3cf68426a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a91a7ebcf6906662445ede6664f24545

SHA1
ecd54502e796251c9cc9da17e56961a1e1ca4e4f

SHA256
68fda1d32184f7a43da9d809510fe5faf5d26a987143b7512bcae9955ae588ce

SHA512
4053c3221318f978fec50d043eb6cc79c8d37294604b9908cf74cd8ea87c248d677e9edd9432a17c0cb97aacf2dd19ab26acd479dbaedf8146f95de11a5b0c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
3d0579caa5a5c76b25e3c18a9f2076ce

SHA1
15d0395d77fdeb02dfbcee362f67dd01c20f4c52

SHA256
251c68c1a1bb9ac4b58d10839cc342432bcd29653c9bd2d305b218621ae37e8b

SHA512
47bb8d7fa4f1fc64923255938d04c4bf2c8fa4b2612fec320b0d26a67985ae158bbfba5168192fa2dd359529148fc94694084c3f31ab63661b54b58ce52b46dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit