hxxp://www[.]s-techtraining[.]com/

Analysis

max time kernel
33s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.s-techtraining.com/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262824118815996"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4336	5084	chrome.exe	81
PID 5084 wrote to memory of 4336	5084	chrome.exe	81
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4904	5084	chrome.exe	82
PID 5084 wrote to memory of 4116	5084	chrome.exe	83
PID 5084 wrote to memory of 4116	5084	chrome.exe	83
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84
PID 5084 wrote to memory of 1648	5084	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.s-techtraining.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe74339758,0x7ffe74339768,0x7ffe74339778
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1848,i,16025614957702371751,18108464983703601414,131072 /prefetch:8
  2⤵
  PID:4296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
eb092382b74a990eb50e4f49ff3cb618

SHA1
289c9432819d1524ad2e47b9358bb3d6c2fd65d5

SHA256
c87be94a281ff9f9adee8356f6d244069f483e2d238d937db05b3ddfd0b09d0b

SHA512
a294cb113b43e1de7aae74074f3d0e72fd9d7da5f9ff571b8250756dedf3e12a41e6570327ff4299d1d98104cae8d6de97116e6b11773bc13d601ae0e9006a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
78b73e2e488f28bfbe898ebf1a547d55

SHA1
17f6062c3b5ccf3a1e86b4f1f825b66d41d39078

SHA256
4dbc4d8f0cbcce332cc1251bc98cd87969b0d2fa56100ea9cdec4348335ae814

SHA512
c04ef35a1442ee79b80f573baf97afd2e665c57d39194ce2b91b9dfd6bc49da9c01f42f4444fd52f9068da95c762251be232547ad267a7249e8ab03f4f0cccdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
047f06ac14a556d416491f8713d29e57

SHA1
7470693303f1122d031aa5f67d9d022db13188cc

SHA256
3ccfe9be0f4e7bdfdc812e5d61a198b4e63a035fcb31da8e05da6daa47081b9f

SHA512
8b679428a79e2148564cf24c5f7ff1ec5faaf443293d09ecf8a18fa7309de5032f83f599fb036757ac8e33f1c081a810c5711c9f50330621f3c2c3beb524b25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7913f1c2e2d50db61b1be25799a838c5

SHA1
1cfce6c12e2796e77fe3c02230091bc20f67ab7e

SHA256
47b401c7d71deda356a6bc542124a7ed7f8a3dc0ca2ce7a0a92959f4864724a2

SHA512
3d84db17e8727f5bfc0047dde0ecf5f4d5d2b8ac156979b1753ee480b76eacb5c672f22a273739928e80b21a5864da965c9b87db119f103d46724b7fb09e1476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
515006562d4c5714fb502aefa43c8998

SHA1
5e6e643adbbae2b6d79c00b2db5c101c880cd024

SHA256
3d8e8115fc2e36e7d2604b45516caf5cc5bcadf848038bf7df9678fd5a83a135

SHA512
3fe5c2fbaf6ea51bc27fe4b437ad09462b4c549e3a2d8f2193e98f30696ee5562078f8e270c83b1b6188b84e78270fda64f597ab9da6d59c46bc01ec6aa3ff26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
f0b9b388036608aa583c9f651707c2dc

SHA1
ee71250cec4668b431d7cdb8c2937d5f7bd3e4af

SHA256
436ef3d5c41f7e70c881ce130e791d1891ef68d975233aef5b1e1bf8e3b99f3e

SHA512
c51336a0a395c9fa3fa2fd81f03ed0215ab2bd24f4d57c3e490c4768e298014dbc16eb1a9c3871f8f6faf1fee64ef27c9797a9903a25d3f8cfa1510fdec0a01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit