hxxps://ipfs[.]io/ipfs/QmWyQRimq4ULbqyRY3JS97F5fYBCUV7a9jNLZEeQ5Ca5HZ

Analysis

max time kernel
48s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
18/05/2023, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ipfs.io/ipfs/QmWyQRimq4ULbqyRY3JS97F5fYBCUV7a9jNLZEeQ5Ca5HZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4256	4912	chrome.exe	82
PID 4912 wrote to memory of 4256	4912	chrome.exe	82
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1992	4912	chrome.exe	84
PID 4912 wrote to memory of 1644	4912	chrome.exe	85
PID 4912 wrote to memory of 1644	4912	chrome.exe	85
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86
PID 4912 wrote to memory of 2260	4912	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ipfs.io/ipfs/QmWyQRimq4ULbqyRY3JS97F5fYBCUV7a9jNLZEeQ5Ca5HZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa77ef9758,0x7ffa77ef9768,0x7ffa77ef9778
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1308,i,7316349837085652120,13435885465898791750,131072 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1308,i,7316349837085652120,13435885465898791750,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1308,i,7316349837085652120,13435885465898791750,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1308,i,7316349837085652120,13435885465898791750,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3312 --field-trial-handle=1308,i,7316349837085652120,13435885465898791750,131072 /prefetch:1
  2⤵
  PID:1148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\83a34ac2-5ab3-4ea0-bdf6-682abe62040a.tmp

Filesize
151KB

MD5
65213610825fe0818252b11559a9bfb8

SHA1
7ebfb1a30e4b35b283192ce91611caa5cc8912d8

SHA256
fc1f13b9cedc435d9d12e755dd7b48f0d64eed431f01184cdd0e1a1a09b73ce1

SHA512
be9c7b83b931758e984776c14b29be511b7766cdf2094216ed79a0481ef891c67ebc8b6ca165f5a579a6c132051fb563fdbc10f74fa7021999dbc1c3c43be204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\184d5c3d-2d55-4a07-9c62-e2f2cf598091.tmp

Filesize
6KB

MD5
6eb03bf651466ae1fece6d5e5fac5e6a

SHA1
9e205557abb6b30f202a1bf2298cdf88a7f48cbe

SHA256
30c85e56da23e01f016359f103ad486835c296345bd79bdc35d30d5a7b8f860c

SHA512
91ee489b8ee13b2b3ef8ab3bdc0b9aa1b0aefc71e9fabaa95c27ab9afcf73301eff26b8f29caa879b12191afbef5f1c2bd56b8dffee8f6676966370f006d876f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f28b459917a84e3fcdb9840badfe4dc3

SHA1
610b3b7a4808fc05067a9f7261a0bd0c7a7fd1a8

SHA256
f7bb8005b2234a3b4701402676d6d2241e85dd663ce57fc075987bb3e9b65a74

SHA512
4677fbc34d32278eec296418ab8e92c0a9d102dda5d32cba001186028cb067803829cbe6cc78472630547df54b0079c45f8fc30f36f42ace02a584dddd3563f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\415442ff-0070-43d5-ab39-8c40c1ef1af6.tmp

Filesize
1KB

MD5
bd6849c576bb874e5c8df9796d798e73

SHA1
4f00e4d07f0c39fb4423472b68cb232ac1920059

SHA256
5ab2f6da59adeaca79b2a6bbab4a2de735dedbf814cfa9ad8b96a6ec0074d9ad

SHA512
397d99c1bba88985a61ebd4cb0b51f69d8052486674ee9569365946ba489fbeab80e3f6cfc46cd0af6bab8674e275af64f94cc9705c90850247e522f295f2790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d762f56a2ca66db2b57454ba5172347

SHA1
8ce618559a5fb3d6e354dc5a810281243a7e6f37

SHA256
14a971ec19002316902b8723b358af96c27d3bcffae0cdb2e0040eea3ceffef2

SHA512
178ef2766cff3dcf696a9ac0ea80c429f6a5cf80b02c2f2427ecccc7f7cf4aabc1458d77fa9d73c43ad973c8ac3506dbd2a877f67a689f3a25576b740b92d853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1be6c5c31d9fc5c3b2ea8536f74bba24

SHA1
e9b4ce3d2a66e57c9d4d1fba91d48b233b8e5b8a

SHA256
384332eda8d888fcc56593ebe04e75b437df78ef20cec4be60484b453da48fef

SHA512
8e6562436c0361d47f87f02250ce75eb0ddb8a4beedf8cd9848c38625f2cb4e29405491350818ef9945f9031479f3739fa0531ef80a4fd151a220302e4e464bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cf27f1f6-9d6b-4518-84fe-8a780e68e373.tmp

Filesize
1KB

MD5
a935700c18ce92f63ff5f5da822f4869

SHA1
91442a94a4cf6446c73a92231b3627bc4e1c9eb9

SHA256
40bf9f682b07fa123a1c0c47e8a5c910445131e128ceb3e58f81086934be226b

SHA512
994cbf38ee87acf4b0063df3a6dbb53d3ca6b1eb264c41baca8304e5b5160b1e85691b1b9bc9d4584869e24b58b667f9204ef548985ae80d173680a3d68f69b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3aee4171644154233a7ed020b6285a43

SHA1
71d7a69f361c0aa1efbc0352386ae61ae1747faf

SHA256
a6a8cc60e979c5c826f871f1ce4f69cd102f23f4dbfa2bf7827859da003a7c47

SHA512
01f7fd143b5b3e2cb6f31d327547625048c5693f333c6d34c67ced4a6cc5bf742257874a48d7e2a73a57f3abd4f2d489f8f416e4d6fd2f73f14a59f7ffc74fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit