hxxps://74aff09c-6101b255[.]hialeahmetalspinnin-org[.]com/

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2023 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://74aff09c-6101b255.hialeahmetalspinnin-org.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133275330929418370"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
772	chrome.exe
772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 232	3408	chrome.exe	90
PID 3408 wrote to memory of 232	3408	chrome.exe	90
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2748	3408	chrome.exe	92
PID 3408 wrote to memory of 2200	3408	chrome.exe	93
PID 3408 wrote to memory of 2200	3408	chrome.exe	93
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94
PID 3408 wrote to memory of 2800	3408	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://74aff09c-6101b255.hialeahmetalspinnin-org.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddc129758,0x7ffddc129768,0x7ffddc129778
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 --field-trial-handle=1804,i,18361640903488625296,16226039624854948177,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
732B

MD5
e009f22445236b1441f281ab43b322d8

SHA1
dbb9ff330020622d73102276acf49f61dee3af26

SHA256
484a3858f8ce85673763e756941c75f8c922b45c6d86700732c25746137ad046

SHA512
59b8ab566ac05c7701e5bea331509b97e4f7c889838fc242ae52a221b44a6c99e4d3bbdef01ac7e84dbf55031fe1567245bb5eab33a01fca85b8f601dde3a231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5cf8f8341c1efd477785446ccb588bd0

SHA1
0300ce54af5fef0da06da97cf92612561319639f

SHA256
f23b108c11c30e5a4314be695dfa8542748673687e1a2723216f840a5443e5be

SHA512
b7d1e4feb8a483d618dd8523b3a0c6e2726add9bdeecfa60db6068d639512f36e248d50d02103e7e0285c1af114ca9eeb0b2c5acccb4ed96a7a25dceb83c2e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e915f95efd36ffcc1f5757de24fa0dde

SHA1
620114621e8c2b023f236d3adcc3a8a58e9e6f8f

SHA256
a8bfaa82ce7ecff559d2916f4853df46c3c584c9d6332e477e50d721c4af10dc

SHA512
18fe591f24be0fa170704efd3e8c2a3b86568016b34416044f7ba8e5b512962ff982ac5253114b2d7434ba9f0f34f06feca8f75deddc52aee2ab4215ee2a3bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
29f2a412da7932dfc142c72b1020043a

SHA1
c91a79548d3135c42cb98050e3745a6f52c78d5b

SHA256
0b4af9d939102eea89e307b97547bb259e6ca4437e3516a34a258c86f9338114

SHA512
64c68a427eb2fe6c5d473533ecd4e7d097ad09285d7e37a4cc9323e7e733d2ead4c5bd57b079fad816d9ffd89bd47d422388271c79160e2b320c04b2e2758021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e4ad9c8ce3f66c92265f51a2fab61f8e

SHA1
22443edbc8a117a68936a3cdb7688a693b2a335a

SHA256
ecf3c085c25694ccec2d6ac72d20b5fa3904cb6bbc5e9390e1f3be75a0daeb97

SHA512
c3ce9ee9887d70d8cd6a5a8bc9573e244b5550d75d93697549bdb5f71d0d667e9f68f7fabdd2edbcf0033b60e4ad3bcf9c365dcb92f65aad0d7e401f4cd41c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
67bbc1307187c0477e56585637ac3514

SHA1
97ab8cdc8ccb10b75ae6fc83ff32752e3d4b9478

SHA256
2793522655d34961baf3626cad06f815905649b6a46d04449d8a62f540cdce72

SHA512
e55c0f6365470a7aa2f43ba4149fe6fe9ac6636d3677a59f28e82df0e0e0bb08ede8e97b968ba7e73a7c8172349276b6cd2000ac25a7ed45c0c4be73a0e52828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit