hxxp://eranet[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://eranet.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240658972911572"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4424	chrome.exe
4424	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 4832	4676	chrome.exe	86
PID 4676 wrote to memory of 4832	4676	chrome.exe	86
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 5100	4676	chrome.exe	87
PID 4676 wrote to memory of 3216	4676	chrome.exe	88
PID 4676 wrote to memory of 3216	4676	chrome.exe	88
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89
PID 4676 wrote to memory of 216	4676	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://eranet.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc489f9758,0x7ffc489f9768,0x7ffc489f9778
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1860,i,2436017861723988804,7113305341763043807,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2ec7d2ace9de2944fb494105a6ee451d

SHA1
0b971e35c4da04f935907b6ecdc53bdee20985fe

SHA256
7107c0124af26bb20b5a51e14ded9734e265a46bfa7df18de1cb9738d058fc06

SHA512
f75e5e65a67e3da39126d2c6460c2d3b75b8af3be6a5d59899d8b5bd1f3ae63f8a9c53e531e3d4532bf06163bc5fffc66c6e08e76156f86a0e5c959aee502034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
950B

MD5
9316074eef38bbdfb3c73ac46e45a81c

SHA1
93112bfeea5723a23f17e7747303a1e6e4d709a0

SHA256
cbfbfab92175800d1bb21aac94c908f57854c1d705d95e0a80ea4dd628d882ba

SHA512
ee113a51273461ecce37c8a9f07dc6bf259b54f055592493814c515fb86c99f0a26d34e43cc6b355da08b992daba3e9e9365a85f28c5e2e3b13c2bdd70235617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae1a72f725529b15cdfb0a61d753ccbe

SHA1
f37d8f65a415998c6d46cc34d0d58ae2183e721e

SHA256
c518ef4c7d8ad9b914d1fb56f2c0eb6f5af33c4b3236bb1d70f77cb96edac4a7

SHA512
70d8b2be61cbacef6ef3a8e8161bfe1c074f31c0a8e84c52a40c7cbbe4b685677d720c256135200f7d9233dd36df7648f4e56ec79050768210f4aeec35350725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a78cd52e2628fe400785f3607b8b2b3

SHA1
9530565969dc34e5151fadc610f972a547d6d64e

SHA256
7543fe7c236de80e40a6184de2e5b793d855c0a21239f69c889a495430e90a65

SHA512
918a7f70a2eb6b21f61b0630befacb3b4d8a6bb85af5f87e06f7509f966128fa46bca4075d4c32349ecbdd18e72f525ab91e4ba5998c431921873d9756460e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de66e5be20b7e572da2e3fc6cc71d079

SHA1
4d151e2e8ca3c215bfd9d9561fd0ea58ea0fe571

SHA256
2cb66fafa4fdc16f65c2208ad1ddf21db30db5f90ec181f938365d8bb4f8288a

SHA512
5b42ceb96f68fa3717b4ff4ccd8585ac8280163933b0d304589513df2b85915601e46b947debfdd40e52b6be429037d9e28350628d1d64a89d5b281cf9b1245e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a5a0b6843b25609a4c3fbed8ede2fbbf

SHA1
5c8be0a47b5ce0571de36401604ee8427b0c808a

SHA256
5e687f5619b8885fa7563cdbcaad606a33ae6306c84ff0d821cab4685063a2a6

SHA512
9e7bc5c7a0a22e2508febfac1c8b0513f1f38716648b62823bbfe343009d77f3acce5baa52f35ede4db2a035b7c5f2fb84ed4016810a134ac69cbe06d657fedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
b094a4efb78e819bc3947b743e28d33f

SHA1
8c6537bb77493f76411f9301622e743ca22378d1

SHA256
70852651e2ddc77aa6940b524b5cf9fb8513bc67a751e6b0e8cc943e65bc3271

SHA512
0f73942e7213cbaa0fb936932fd485a5460fb51ef96fad68f21e27d92b44113eb89c26b5dacbec4fda7abfe41416a151b2d598e31d53129742c9eab854e0f3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit