hxxp://xn--jetstapac1fic-n2f[.]com[.]ph

Analysis

max time kernel
73s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xn--jetstapac1fic-n2f.com.ph

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263154338604547"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2816	2752	chrome.exe	83
PID 2752 wrote to memory of 2816	2752	chrome.exe	83
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 4508	2752	chrome.exe	84
PID 2752 wrote to memory of 636	2752	chrome.exe	85
PID 2752 wrote to memory of 636	2752	chrome.exe	85
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86
PID 2752 wrote to memory of 3064	2752	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://xn--jetstapac1fic-n2f.com.ph
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca3999758,0x7ffca3999768,0x7ffca3999778
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4836 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5100 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4856 --field-trial-handle=1856,i,15801468461380020278,4502680599858009926,131072 /prefetch:1
  2⤵
  PID:2188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60a548c97be8d9ed825f94d0fef009ed

SHA1
eb1e49426406a5c82dce01ecc0eb1b9f6fcc7f98

SHA256
1268bb9ba6ed6e36128b586b1538d8225bcd3cf950a79b4ac4b5124adb43d8b1

SHA512
3fbe61155e2ba08adf08790ca1b62f860322841316c3aac74f75a0e72debd55cbf521866ae89bb222401501274148fd25dcf7e677f8dcbdc5e041ded315e4a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd76252b07c739160ee4d728a10a7021

SHA1
b6c4e3a29e2a956580b03d32b7c08f60f7c88dbb

SHA256
d145a1c16ec84f857fa9fbadc726ebb01e9e0ec6160aa52e98620f3bd42a2d53

SHA512
a92c1129c773a271fd2019d52e0f7b104402474fdcc3ef6aadcf618cd0187f00be0f9c04d37446f7792c8458300dea915f08f081dc0d5fd52276d9433b7ea223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6541825b5c705dfd422e903b8b1d99ab

SHA1
ce50202899d11f62c47486ea4871e81e58aeb651

SHA256
bb6e05c83aef955aa4e7d1bdd5d1c28bb5af87e32e7902949a753f038ee06c85

SHA512
1baa1c8988bea538f50e2ab5420258ccce7922caf4657340deff668cafce19b089c15ebd087f6a56af7e2c0572dc9f5e2489daaa628652fdd4baeb62008eb26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
0df8bd0707be2a484cce957dbd98d04a

SHA1
bdd390322ffa717b1e913a386939f96bce2fb00e

SHA256
a5f49e002384eee0ff52a91431be392cae42906428c6760d7e4948a47f19725f

SHA512
1f3c5f7a665d1586704b68a777af9146a4211944f30734ae9a5c413296b640c86eab7a9e98cec52b22f22f41f752bfeaf90f421130895ac20b933f7ec858a1c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
8d85e5a14d261dfbe78a72d3a2714ae6

SHA1
0cc1be6d63e9b75c7b883fb8b143d20c38b4280b

SHA256
c2353634812b3ea3a8c11dc4fe56bcaf03c4acc4ef0f8ff273cba7237496d379

SHA512
9d92f36a3e6aad74a4ea6b7efe315ac06c3e45bbbaf2819f7085249b5e961fdebe10169569025aba1b8723fba10af5a813d8c0f43bd06c3db9c75898c961a1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
1e57e961a014bcad366fd8343455a94d

SHA1
fd7e527a0e40b0e30188d717849c723158358705

SHA256
6805261edd6d5c9bbddd7f35003dfc620450d0ed2a1cefc01164492d4c1379d5

SHA512
04cec2dc293bca9648810acec148bfdf0c81c130ff4dd516513c9068306be88bebbeb2b8a7c51b8ecb6b365392790fb571b03ad61ff8f7f161a3612684f41766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit