hxxps://hotelevationstudios[.]com/

Analysis

max time kernel
2s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 22:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://hotelevationstudios.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2132	2196	chrome.exe	35
PID 2196 wrote to memory of 2132	2196	chrome.exe	35
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3596	2196	chrome.exe	84
PID 2196 wrote to memory of 3436	2196	chrome.exe	85
PID 2196 wrote to memory of 3436	2196	chrome.exe	85
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86
PID 2196 wrote to memory of 1480	2196	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://hotelevationstudios.com/
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8b389758,0x7ffd8b389768,0x7ffd8b389778
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:2
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4920 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1812,i,544574843276397462,7347774336873512876,131072 /prefetch:8
  2⤵
  PID:2272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4 0x3f4
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9be3c73a973875d4677b70ca934e7763

SHA1
b51e22f477d20b53329a9fe73721f0851463f38a

SHA256
c4f1f0468b020d5724b0c8aefa0f136185b2d29b0cef9aca4ad6ea356182ca7b

SHA512
2ac841709404e937b26a07ae84e58f2f72ae31c3fc26a8ba07f827cdc126cd09bd399562b7e8edc4796d15bb3aeeb914492343b04f82319a6c48288c71c18f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c36834142dd24f2bdc968935a6f7ad82

SHA1
7c75acb0d7e2e9acb454f6b13a4b49b1a3f52fa2

SHA256
214c1640df18c715f2339feaa645962b4327d8c183c2423d3c7398bb15cc3ac8

SHA512
21fdb22d0c8a64bffe0aeaa4be88dd8f281e3b4de646c167897dded9c8ac14029a43a843e7a65581326cccc43fc9eaebbffa93e171c074d105431c7741c15d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4248e044147b740db9e3e31446f2e02a

SHA1
491f2173ded9846df89e5430e8105d13f4c04f82

SHA256
b67ff7f0102674fd9c1e6ba0a7a2474c201cc3eaa26d08a921bce3f91dfefd1b

SHA512
b166c3402a45bd772d16c200d7484736f9295e5c285766c433ab4a4f6fb0bce27003cdcaa923774190437fbb2c72910ef2cd1606a05a4bbd5afe58d898b0e1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
74a57b0c8ece4f1572d135d4e0406c61

SHA1
15b8db658d16f458602c0fec76f234d279634bbb

SHA256
76f9ba889f88933aa2bd01f3dd42bc8c209015b120e8d213410f8a92bdea2e4c

SHA512
b73fcc81575e2231847cb376448bf403f5edd1e44190ff6523600ef53785cdfcc3d5d0cb212549328db5856656284db4cfb0a86c7229ce2d5571945184ed5742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c604.TMP

Filesize
120B

MD5
70a0a8f0d28d6e3320ddfd09e041f2fa

SHA1
66ae9a23f036f1e4cd5569851bc9d5076e851b65

SHA256
4486339178c1e10ca7bfaf0b004e2bfe79eeb00164024c925bbc107e60bac93a

SHA512
bc89b504d6d54c230b5e8a24e8b028de754310b47a881e508ca0c7a7d16aaabbf57a39390cc524ad81d6788744f06e9ed631cb98d6c38b1d9dd7adba4f8dca57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
298b87dfb09560ebdb912f06f63e409e

SHA1
16e12243094495fb90431ea800c0894a51acaf2f

SHA256
697ba0ff44558cf3ee3cecc407e7e5dd0f130cb691cd50a6de0ed039e6d7ecf6

SHA512
c05659a7e9bfe0500ac4bf7fd1657483714f817d70504d6cec5ebf2ad69c6cfe8b00ec824b510fc957ac3fcf15a7637d4abb6af6ea46019cec23e6f0c22bd339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2552-351-0x000001D128C40000-0x000001D128DFC000-memory.dmp

Filesize
1.7MB

Download