Analysis
max time kernel: 116s
max time network: 119s
platform: windows10-2004_x64
resource: win10v2004-20230220-es
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 18-05-2023 22:58
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://urlzs.com/TZtV3#[email protected]
  Resource: win10v2004-20230220-es
General
Target: https://urlzs.com/TZtV3#[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289318743679733" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
4924 | chrome.exe
4924 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
4924 | chrome.exe
4924 | chrome.exe
4924 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4924 | chrome.exe (32 entries)
Token: SeCreatePagefilePrivilege | 4924 | chrome.exe (32 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4924 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4924 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://urlzs.com/TZtV3#[email protected]
  PID: 4924
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd134c9758,0x7ffd134c9768,0x7ffd134c9778
    PID: 4828

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:2
    PID: 2200

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
    PID: 2092

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
    PID: 4308

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
    PID: 220

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
    PID: 116

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
    PID: 1592

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
    PID: 4104

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2908 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
    PID: 5064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4292
Network
MITRE ATT&CK Enterprise v6
Downloads