hxxps://cutt[.]ly/T8U9mEf

Analysis

max time kernel
56s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/T8U9mEf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247055259163836"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4972	5084	chrome.exe	82
PID 5084 wrote to memory of 4972	5084	chrome.exe	82
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 1932	5084	chrome.exe	84
PID 5084 wrote to memory of 2824	5084	chrome.exe	85
PID 5084 wrote to memory of 2824	5084	chrome.exe	85
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86
PID 5084 wrote to memory of 4184	5084	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cutt.ly/T8U9mEf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd73019758,0x7ffd73019768,0x7ffd73019778
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1796,i,1901187764416219215,12252142259559585622,131072 /prefetch:8
  2⤵
  PID:4644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1468

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
d6cbc1eb28fcf977997b2d455d16b011

SHA1
e465359173baf2218ca6ac2131bbfaa380abe26c

SHA256
a123699c4775fba1e159c499a923637f8d0c2f194ef74273d692343c26eaee1c

SHA512
864f4e779529cab01fc8c1ba7b308d1e91474f7f86e60e38a7747ae7406e0a20947ed9c271c6dd1035e10438dc63f2849b58f04eb97aa8429c7c20786bf37f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c45906bbd8774a137ddb2e2700befd54

SHA1
736d78960e03092c4112d9376bdbc61dbdb49581

SHA256
3a903938e5bd2cfbdf1092f9cafe1637593fb0d83d5bd9ae62930885e9eb6328

SHA512
46b2ef89a0d7f27a1d5fa5d78b6a7de3615a5bb000d15b905394e65f45dafd52167e78fbccea04e03bebab8b343fc252564b06615c2bfc16813a57f60bc8b326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb93b48ede5ee858722e02350ec71797

SHA1
72eacc4d072e1ff69e4ed7792b63905c9a19b622

SHA256
8d1a8deeb04cd68b6e26aa1d5542750f0ede8ce8f99a72080a3bed63990fa852

SHA512
56cea30bce77e90b5eb9345fc8d88c3027c04eaa16869b51f844191b13689f2af9b710ef1b7724d9742d6c294c49cd84bf98e5ec3c71e3f2ad8d13789de83b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
526d4f445e9fae1ffa12f8e6a7bad23d

SHA1
1a4bcd5c92aab962739aa09a707379e3721689ec

SHA256
5df7db239ddd3f759e48fb5325b9c460aca1e7f8444826368301aaf2568d48d1

SHA512
a40fdbbd0b7f45f07168d95e735c7cd13a9eee446db42a06be35a68e129bbb0f62dd99ba6190aa13c16e74c2857fdbb0e853efa830e749e46b00e754b51b9623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
8db395d556cad7d2a1818199abd9e08c

SHA1
8beb190cffe7a3bb7df2b4a306926d7e2a3bb6bf

SHA256
18a503d42741b51dc5d96ddfa9d390a520aa52f2f31df67ce9f0793316fc0071

SHA512
e7fbe5b57dce72fe801067ab0f1505ba61e8760b896a814d35b0a978021475be420ce399098dc338a0ecd4fe4cd0e1a9800848b7b4805b16773827255dc073a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit