hxxp://p[.]p-44[.]com

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p.p-44.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262847445000324"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 2424	4560	chrome.exe	83
PID 4560 wrote to memory of 2424	4560	chrome.exe	83
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 4232	4560	chrome.exe	84
PID 4560 wrote to memory of 312	4560	chrome.exe	85
PID 4560 wrote to memory of 312	4560	chrome.exe	85
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86
PID 4560 wrote to memory of 3644	4560	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://p.p-44.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffbbfbc9758,0x7ffbbfbc9768,0x7ffbbfbc9778
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4440 --field-trial-handle=1808,i,9499476541535415810,5621109790242904585,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
950B

MD5
602c068b5760f13c964e5fcfb4c8d58d

SHA1
c76c3272ed7c4faf90ae8ce8120a0affb3408a4e

SHA256
7a70f0944f29d572bb1b3df220105da7dfc0c39673e6b836418277bd8d2fb95f

SHA512
4a9b553c594bdc0c5beb6d2beeab2141bafa52e43754d25dfdf740966f239ee3a73a49a6a7ccfb31c27012188afda279d52770b91a10a59615fed0e85b9a3519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0c295e0080e0feb689e72e68dab41775

SHA1
68f8a416d4c8008315e088cad2029307d55c10d6

SHA256
eaa3719d96d71aa02d2d9e6b17c7c7815ff2e36ddf64378c40a426044ec1d1e6

SHA512
901f2d44921ebf3cafc87a0b0c08fe3c6223f8864bc6b2ed8558eb17413811ae417643dbd87a375ca97e85416d9a161e38bb033bf7eec68f29c534f6c2becb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
521d6bb3e882855793a2a6c413f6f58a

SHA1
0f5945a15926237c75fd81b69674aedc6878f2d2

SHA256
b8d1321e90c02d1e77f65e2cdb1713e198e76180e8556c1227ccc069daa12bce

SHA512
21318372413a7cec77b4f209beb8db7bec68690abf1a064c98e87f95c353df4ef47d37e21fce4ec5eee377db699c90736f8cffb141169d93ea41ad6bdfd150a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f146873f1c699710c65822c10f4c18d

SHA1
77d42dbfe2cf1d40660f1d62b297151e78a5948f

SHA256
8c2922b6d6962749dffb55e040bc2fbd2f3e70878d9f74319cdc156bbe711c03

SHA512
ac0234ab3825dbfd144dcc84032e1c8fd62415f629b1fe58a53be8b18d6e5db48d36dd0fb75400310896d6050f60d5fd0ffb6ef493ce6419dbfadc570d3358aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1ac1cc0032f27b3b22b5cac26e68cede

SHA1
dbafe515c8d83eb24da446afa5f9cdc02a26131b

SHA256
d7fbdfb4f8fc72d9e270651d6ad5be86d3f5aa682a58471f6d56a68752b602d2

SHA512
5e7e6357a2205f5859f088fdeb1ef85036db4151ef01394e03478eb305c4f7a0f4f48c22168f172430fd5e7e28f6ee94013e13537af92095769f63c7fb191610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
7537b724dd8471238347521379935eb2

SHA1
98809d45b23a6b6c223c3d12402b6d17f7b0fc0e

SHA256
51aeac1bcf04e7698b74fcda331a01f930a7e7cc6fcb314663914cbf8169d1f9

SHA512
2e17c870e7513531067673a58d281242fade1ce76b63b00fc58a33c5ebbd66ef6b48e78b5d1808a8644c67ed45a7f52a221d2f097439ffe9476b03746166027c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit