hxxps://mod[.]io

Analysis

max time kernel
68s
max time network
65s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 02:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mod.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262668448088338"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 4100	4124	chrome.exe	66
PID 4124 wrote to memory of 4100	4124	chrome.exe	66
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 1396	4124	chrome.exe	69
PID 4124 wrote to memory of 4272	4124	chrome.exe	68
PID 4124 wrote to memory of 4272	4124	chrome.exe	68
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70
PID 4124 wrote to memory of 4300	4124	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mod.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff5a0c9758,0x7fff5a0c9768,0x7fff5a0c9778
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1700,i,2525108183927561196,14167105927485021992,131072 /prefetch:8
  2⤵
  PID:4824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d8e99e533063be995b99eda2c9f84514

SHA1
32165c88dbe79eac936591bffcaf0a3d1c3f6f92

SHA256
7a42f54605611a47178346591e1678fc0faab2067df8e61a5d55c2d6da8f651e

SHA512
d06f234bddd0d486a2b2e2bce85d02bb2392a7ee1c3644d4c5dd2eec124c53061aa758dcc084cad6b8b16ee43e24405308c80f3120647df5901d516aa844cdac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
f0546c5b651779931fed162f4b866b74

SHA1
2608fd52242ab62f79e3d1fec6b9a18ec0cb82b9

SHA256
6f7329c020f91a74e8b7d54307424f8ece8e126747e3b6d35d3a55ec2104b42a

SHA512
7f8e223d6458dd8be46d42932e89b4a581c5dbe66f5c43b8850b15229412ccf92dbc4e4dd73c21d83955f7566ecfee71b815efd3b1e6c30d377b6f1125182534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
4583689771eb78ae1f9925bfc55ccfe3

SHA1
0b0d265ecaf86003cde680ba0910549ecc364fe1

SHA256
a966959a8c5b404d54da525e9e87bb7c77327e1c9cb91370d6d9bbb35cc4cbcf

SHA512
3b315a7d494058455106a72d76b93abd06ba66447e67ca1ac45f560477be949bdd947a70e2364550ba4e3e81d965da979c885c835be6dc4d3b6ceb465c8ecbaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6f5d692b25f1bf0be39bc38de1058736

SHA1
6d1190c3b6f42e6e8c0a50a3e76bec1a2e60bbf3

SHA256
b246255a3a352fa99c0389cfa1145d2585e4f8d166bc311be8416979a2f80a08

SHA512
63f5801daf041bc93c9cdaf2f5d0cf4f4fe3add7321fe90bc94ffaf75148cf5102dd42d5d1be88bf869218feb5d7539dddd809cab5852e668f925899c4115149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dd134d8672bc31ec804155aa5b195142

SHA1
79e145839992b0057e488e2cd288bb6d39db2ba8

SHA256
9ef2e5a05e2684955ade95e8a08afba323fdd4b7283c50ab2435ac577920e2e6

SHA512
892b4e425dee292e777f23b6d3f0418888de68855efd24ad9382db67d1ded36ecbbcc1b26cee2e3daf7ace81234b2dab61e15e864ec01445e8f1c2406c5df187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
da7b963902f5dbc45c4c65674bb00f62

SHA1
a1724f94b0237ce8d3529bc488dd603a441298ef

SHA256
6df4a2f3c4ec198bd6eeb6edcf56d84ef29700de8f89e7571cda872de3ec95f1

SHA512
6471aa3d17a1d5bca6c6700c6825293ef75cf6ee16f6448c44236d3d77f264e7e6b385ab25388ce3f52fcdc5c80d88874d29fbc5f892f4b2164a1145754af200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
9a7bf387df7162f9140a7b7bfdae9e71

SHA1
3dd0cb5e23d27cadb94a6c661121bd05b95c8781

SHA256
bd875ead1d07d27b58e7627cc0794589354c16bb91accaa458240b5d576f8a9e

SHA512
a5351f3bcb8ce0a0ba39360e941b4ae5f3ce06b0c6b49ad1876f7310d087151b09739442770664de98d656a616b283dd4b5f63ef881d3d3da597987c44243ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit