hxxps://cutt[.]ly/Y75vxmG

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2023, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/Y75vxmG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263809078945796"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
2972	chrome.exe
2972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 3068	4892	chrome.exe	84
PID 4892 wrote to memory of 3068	4892	chrome.exe	84
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1168	4892	chrome.exe	85
PID 4892 wrote to memory of 1696	4892	chrome.exe	86
PID 4892 wrote to memory of 1696	4892	chrome.exe	86
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87
PID 4892 wrote to memory of 224	4892	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cutt.ly/Y75vxmG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87f649758,0x7ff87f649768,0x7ff87f649778
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 --field-trial-handle=1796,i,13789141226900653546,4587104306344450747,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1272

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2849984d45e109ef0cd58811861db021

SHA1
6ec8b4650b80085fbea431d57ac6bad7300cc8f3

SHA256
930ec225b37af131095657bac45249c4bdcf9ba0fcc4b0a566918322f77faa53

SHA512
39e2e47d90e344a03300e939b3bf0346423c8ba700ba4390c0af94d8543e2fe45818ba24bc96527ca0ac2cde51655a4b3496c001850dc4915e551b75d65e9804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
30f2d149b54dae72e0b7b58692101a6b

SHA1
727961ad00a0d6a66115e959fd5c63391103c938

SHA256
1659294d59e3cc435e1f84b8d3587f8db95fa20f2f3d4de43dbf9f50c670f187

SHA512
c1b52e463814cddcbd6eba217d282962c3e107dc74c863082dd84618adcdd1ef0de43eb7a39b99f0777463b0b324663499ea4878935f10d95e36532b3697e2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5a860329c2d4db8f6e10b5dba05d4d0

SHA1
5b03a1643c3ebb81f84dee8aa5082b68f6d26e3c

SHA256
41c378aa39ae97515372488e78f00a4814216f6613b63a7c8700d12f6eb4a4e1

SHA512
3bcc6f57f5c8d4e522a2d26c96f8615ce22fca5e299d3001efe304b30a4950772dff506ee9effdc5bff930e7c2539fc9223ff41d6dfa11c8a65590013b9663e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e1def7a448e4fcad19afd3fd344ccb2

SHA1
903c76d00b5eb1b08164d13aae669ffdd39cd7ca

SHA256
b5aee271db6f09f9c7bc15d139b98e54d21875f4f6d5c4809cbf734ccccdbea5

SHA512
daccd3b6fb0c12ce113429c8db9af90a46ae6eeb3bf3ce963ca464160bbd11266af207102d3b9d5b76fcdc297adf5108227bbd49a9f95cfe975d5159a0d668ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0351914e0cf8bc6dd8c24c2f2e9b2eb8

SHA1
22ed29d4e22cacd87ba76ee77ad6149b3ea7d1e1

SHA256
0d4ad609e7096ef4a353e74dd2f851447c6e9b9d48498bdb788ebb5c015095a1

SHA512
8926ecb3d50d652cbe68cce8bfc2b8991022e3bcc6e15292b2bc448867c5efb985b73a61eb13c235e181dde469a76c8f7dd89c09b4608f5e9977464b91c3ca69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
107c9a602244814499b0614a8db7df48

SHA1
d9e900224e5ebc4561030c67c85d0e7a21654220

SHA256
02739b1a1c1eb9ac5502140e988d10271ae9822abb313449e108c7398a723e57

SHA512
4dc0675517b52f877d25e652c8962a2e81982bb38918ee85c047701788614e5a5f04ececb2c62f3707af834ffa0e054f82d1183b7da54e45d2b2db8b0a540ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b14601ecaea6d40002a979a456b0da4b

SHA1
3acf2d3913b7d834b363bf5d298994601be550a8

SHA256
14096d0e976e4edf5eb09f46e36e573df239ba6f11944d9631e82f4430cf5101

SHA512
6a3d9b00f68c6ee6f2fb39e5d751bb77646922161bba5d253c44d9ce8ef40e6858ead443d590f343db8cbe4f84ce158a41801f7e05f759f27ff57b83d0c8d17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
a5f597c57e279fc4f01166088aa66966

SHA1
0b5a126da1e98143d3fe49153ee9e9b8dc9c5725

SHA256
3ac6d668218980edc1684b6937a7632c9a83c755ec719d844ef5910c89d25251

SHA512
80eab6d6d520de8a89196934b91306dfce2fa906b77e2ba7e803ed7b678fb0647065a25d4b386420b5bc54e50f7e6c0f421fc323f95296f59cdc44a09729cd1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit