hxxp://8[.]247[.]210[.]254[:]80

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 19:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://8.247.210.254:80

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250237608723412"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 1500	4400	chrome.exe	84
PID 4400 wrote to memory of 1500	4400	chrome.exe	84
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3804	4400	chrome.exe	86
PID 4400 wrote to memory of 3800	4400	chrome.exe	87
PID 4400 wrote to memory of 3800	4400	chrome.exe	87
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88
PID 4400 wrote to memory of 4620	4400	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://8.247.210.254:80
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3064 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1844,i,12732483705680281210,18018669476177228689,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
21ca57c8e66669a169ca3a1d4de4e3d6

SHA1
60170fac9828fb7549cf60a0a2b5b82a39505913

SHA256
00a1bf4f0711e409c8effabec29d02fb3235ba8637c2bf4a33f1628ad5cbd6fd

SHA512
887371bd0493f7249aae0fec085216648ba447c1cd7de12051014516d86c19c2aeca380e06fbf43819efbd886cca1fbb2249b2d9829b149b4acf41b7cdc69358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
855d890bb9224a8914d3a6f86319cc3a

SHA1
c90062e864d5e4436e84d6e305cafc8f153f3476

SHA256
1f848bf41132f95ec08f6a0b8d546a93f4f428b8537b165a5c181c5957a734f6

SHA512
c8c8242f19341112925908af47f7811a2d171267af434797cdfe91f3d15a0e1e8f3479d6a3a8a77859e61d2c604fc4423a8ac574b1c85f0bb4725e9597c5976f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fdb77469b8c57da1374e79284546ef7b

SHA1
a69432f71c77dec18155f441a981ce6874edd0c7

SHA256
f6da8448be6ebffc562e3182f474631d5bc532d903a8e4057ea8f6642ada9a2f

SHA512
514bb392241c409dd3707ef7bee1cc378afc147eacf5cb448d242dd17e68452849b050ac9fe89097ec32cf371a3a43901bbc20ce8866734c52c990aec839a16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
8b1459c13ea8132579b93886cba74daf

SHA1
02e7a3f10cc10a4c0397ad264f344ae80be09568

SHA256
1ccb397981b3631f59ef2b85df8af47a5f4472f0cce4c8772f24c574cf73ebf5

SHA512
2f60434f9e1fa91233fe8c11beec391f8d8b19a99af39b4fe73f2d07ab91410b25d584fc31aa3076140d27237e6d1131a1d37713514bf78cd3f3e59a44181a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit