hxxps://sites[.]google[.]com/view/htssvacom/home

Analysis

max time kernel
52s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 17:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/htssvacom/home

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259667843202192"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4348	chrome.exe
4348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4212	4348	chrome.exe	82
PID 4348 wrote to memory of 4212	4348	chrome.exe	82
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 3912	4348	chrome.exe	84
PID 4348 wrote to memory of 4780	4348	chrome.exe	85
PID 4348 wrote to memory of 4780	4348	chrome.exe	85
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86
PID 4348 wrote to memory of 1952	4348	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://sites.google.com/view/htssvacom/home
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffede549758,0x7ffede549768,0x7ffede549778
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:2
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4764 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5148 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1800,i,17005203305984811395,8844358355129765108,131072 /prefetch:8
  2⤵
  PID:4708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
aecc142c8af8d5ca6042ed266ba9e444

SHA1
c6415b4ed8c40344f45e92e4bbd2437eb0b760f6

SHA256
45b7f83b00939863fe8b49a147c4ef321ccbcb3b87338ccb0530a1ff46507afa

SHA512
fd2e96fb717af2fc0689383c0be9fece70b2e9e48f7ed1d13514d0d1f68677573ae8d2a10ed4063a36c8f09aa576d4f959da4be2fe5d4762ea630e96a54ce06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
7a0a0c278415407db9407c3b83e7140f

SHA1
cb8d46e825c487c15040147fbf42ea3abf0c5f2f

SHA256
52e781b8b8370128df8b54454fd4a64c7631a7b77dae8662e0024430bfdf1f8c

SHA512
a09335ab38bbbadb42ef7d2488f4aa643dd7cbcefa2d7c04ee41e91ca3bb7101c48d4bf26b85615ae7657b151a5d747c6315af35f855e4bda5257bad4d21c7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01a5b6e4c787894588f02e0e233c230b

SHA1
704111abceb43154d2aa70f257f82500cdcee904

SHA256
3d78885cd236ec1f5c1e1118a17f0a4d2acad09d78e4d5d883dfc552ac2c7c49

SHA512
b06687fe36b8b71c57d6a05baafe80a4ce3292c4b176330aec2f88a67bf8f70b1e7a14e5868ab193e2eabffc2ad354afbbc15a6eec06e747a1a2feb6c21c61b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b7aacacf0014797f03704bfd3c3bf41

SHA1
c85e3ea4ecaf2e839a1517fa80534e84fb0acddd

SHA256
132f7e45d180dcf751473b9bcd8140a988a56baeb857c3304d33261f663be6dc

SHA512
41e0dcac3210e19739f0e1d7b0034178297e7c4b95a069c0e9ec59a1f8de897abd935356ce21153bb8697b1632c5d19e9975cf850244b8d3ecd3b9a547f0200b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
80800ffc73254a3a10df5062ffe3ea7c

SHA1
cce338b6cb2d82478f36f6d30e5e73a4b5a40bfd

SHA256
171d31d9e34b58ed843763a66ee726e7bb32f9a089da48f4f3b3c221b804f77d

SHA512
6ba226544c9719fd60995844e77887646722b30df70e410a4085f206868c3bc1eac026257bdaf72360cb640904d903d3bc15bd2080425d2cddb5c2e7dff7d520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit