hxxps://betfromhome88[.]com/againagain/longongsloads/sf_rand_string_lowercase6[//][//]cmFuQGRvbS5lbWFpbA==

Analysis

max time kernel
270s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2023, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://betfromhome88.com/againagain/longongsloads/sf_rand_string_lowercase6////cmFuQGRvbS5lbWFpbA==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133280446742113538"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1584	2108	chrome.exe	84
PID 2108 wrote to memory of 1584	2108	chrome.exe	84
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 4368	2108	chrome.exe	85
PID 2108 wrote to memory of 3040	2108	chrome.exe	86
PID 2108 wrote to memory of 3040	2108	chrome.exe	86
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87
PID 2108 wrote to memory of 1884	2108	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://betfromhome88.com/againagain/longongsloads/sf_rand_string_lowercase6////cmFuQGRvbS5lbWFpbA==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a3da9758,0x7ff9a3da9768,0x7ff9a3da9778
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3832 --field-trial-handle=1804,i,8597291845609415806,6718002981692804056,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
77db9926195a10536c810c9c150b35aa

SHA1
8223007803dad42aa6d18793a7ce35bd07370ce1

SHA256
8c87c4b754ff46fb20c815211d3c9cbc87f38cd9eb3ce7ec7d4cc7ca1e77337d

SHA512
fd02b61cc4e8e06ae0ffd0d313eed87f6a075ab9be7c8f5dc57370c621146ace665f50194f33806acd42f1e182aae031227684ba6413bac0f4502601560269cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
01be7ed04fe6a115a978674c396d87e0

SHA1
ae03fb8e3740b486720103e52a45b7ffc720e490

SHA256
2753e53c7bfc9b9b0f8c02eb4f6526e16c0847ccc60aa032605db8ce4cd1cf53

SHA512
e49e751b80aa97f6711a00e0052f3be4014e2ae61e4b2a27656d67ef3eab0abb693fc99b3f0c745a5bb2c0e80f4e774490955090a7f7cd3ae7fe867c83e70984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
726708eebb0096d5872b3751e45f983a

SHA1
4232dfa765219ee4f110980fdabf8f62bc3ed0a3

SHA256
88eabbb0c1283525210cc1a072a57d92f3f1e625502841fc3be69daa901e6ad6

SHA512
c8653d51bf6ea4ff4f61be4760f73f8b93a19657d28838b75b6dfb57639ee75ca22252bc4981253e99f46d7e343e0955bfec08f3e497ead338f0f13b378483ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46c1f3654d56655bf9544efadd060000

SHA1
c3f9122ec59e8c4d9cd587ea893352dbdd797e43

SHA256
e5186409823d288899bcddfc51c3a224474f98bd7dd4de6d13f175f6cfafe96e

SHA512
59c4b68893cf8600147dd6c83137fb26353b4e86e27464c32f72f55bba71d960d84dc9e44fdbdbd031e6fb6790e2cbe14107a97b55980c2425458b57b5edd098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ab3de00a181ba15ad702e45d33ce1418

SHA1
48a21965afa289d259099369b49723809e4b2f56

SHA256
d9185990aa522953f39f4fec28cffa72324df503530ce9aa61dea21d5130919b

SHA512
caaa22cdc2db926675b223a031f710b00195545ac1553e48ee2fabb8936ef59db16b9bcf20018de6e7cf31e5c50aec564475f45d0490684fb6ec450c31000ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5a9bdcb2705194f46b33f38307ee8f6

SHA1
5976b19e6a49bddd5d2c5a393aa130e7473bdabc

SHA256
7eaf265f3b3b0f80487aa3cebafc508704312269b68ef2f624c14191dbc6ccd9

SHA512
8d9dc61ed33904c3f0183a53e4a55c40bacf1b365eb819f89e6243bf255d2b9d2e8658156ab4313fe3edb9c21e5ea1ad423585f528e678840287ab36432d2fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
824e7306399391030efc59aee89fdded

SHA1
9efb7b070b3f80c8c807857d4974106c0e9350cd

SHA256
24c7f9008988a642df6e673b63fc5549445f29b7467c05f98c274882b574dac2

SHA512
657f729c4ae396d82bf43616d1d3cdbd63cd498c189a95359db615e067c33d2f42fe14926d2bfd4beda82e5efb879c0f799835f01d5b93410a5fe7aaa312cf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit