hxxps://09j110036[.]pimshosting[.]com/

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://09j110036.pimshosting.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288676694267610"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 3340	1696	chrome.exe	87
PID 1696 wrote to memory of 3340	1696	chrome.exe	87
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 3908	1696	chrome.exe	88
PID 1696 wrote to memory of 2964	1696	chrome.exe	89
PID 1696 wrote to memory of 2964	1696	chrome.exe	89
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90
PID 1696 wrote to memory of 4024	1696	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://09j110036.pimshosting.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd74129758,0x7ffd74129768,0x7ffd74129778
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4992 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5096 --field-trial-handle=1812,i,9986008386349846847,14825999022872950930,131072 /prefetch:1
  2⤵
  PID:1880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
21db07d6aa714fcf30a45a81127a3fc7

SHA1
ac4259057577e62be2ed021faebe4b7a46f7018a

SHA256
ad05ab3be78c754f3bf6f50c3d70e6c26c08ce732169d74b03620107f388835e

SHA512
dade3a9a5e2cf29536989c0af0f94b0d2592d534501449ecab75d11defcf46aea6e8fce04c987296be6425b536027fad0a2996d339c52e58f463bba0f2c14f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b41293672d7e1889fda740f3172dde3e

SHA1
f7e6b1d68a8e90b8751124ebbd91024ad1da1fbe

SHA256
1e076cea01ce02ffdba3f97ef9592a6ccd075585ef205c4d051f977438b4c77e

SHA512
6c077cf329a00ea1a0c3d2438c8fb87dceefeea28ec5b49debcbbca7be6810b061eee9682f886458a98d2a4c79feca83a21f8491f3bba2e225423825ad338147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
918B

MD5
961f7f6d5d3aa54a0f0093fa69079238

SHA1
64813a2a5ae15f8e24d7b188bb2d2d1745dcaf65

SHA256
516e3e6eb6de1401c2b7da08113db8d81e9485bb4aff561f2593f967625169ce

SHA512
a0a2e2d296c0732ef253d4b59889685a67b2e4e745bfe3f3ba89856bdc19a4084cb0593dfdbef11bd2d58cdfeaba0bb95f824234f10a4c67bd05e8d0add6244e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
18dd21ddb78aa8c4c3c8e5de021626a6

SHA1
8695a195b034374eb1af9a25b714ad4dca85da89

SHA256
f0ddf1765795e523e2864ff60fdce78d0a655548ad6fea3c601e52ecb55ae9a6

SHA512
e9a76b0c930d419be3f5bc771d10b09485e68b73b01ddcac78190524e6c767cb5ab6536b90689bf849cd96e89f4d2c12c3967a33c69dd21a1f074f0d184c8efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
300a15c5037069e747ce4be9e33c3f7d

SHA1
c9fdcc92875db6c8907c2298d384c45919a89170

SHA256
e7b75b30f9cadba17f40de4bda5941fdc03503f40d3426a10650c81c31826ce2

SHA512
815a8bd0634decb05cead42ea0c404519cb37a9f69d3580df862fabb2a3debdd339069a8c25e65be9559ea92cd921d4766bdab0ab0c62fa47590e87b91cb3cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
40785e5ffca812ded45a3dbf4f44b344

SHA1
b6b7ab91eaa2e8c9e37cbbe90eca324a0747ba83

SHA256
35b25a85fefba13b681bf3309cf82b3d8df588cddc952403d969aa1b4df7f692

SHA512
049f5f8c1bda4ac0f0d15e7632d52cbe1365e65722fe5c97d7b2efdc4af1a8cea270ac919f3a24794435eef6c614016955059c62b4f38a3fd8ebb219dcbdb1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e602d2bb05ef40652b88c67cf7c6c84a

SHA1
d66b29c486e41c4ddef6a77da8df4c01c8c485ca

SHA256
16806f8aa07d4f5d0aa1307c4fb45af410e741e7c6f72ae53b6aa20a01069c0f

SHA512
f08c93ee4d7b7d7cd4ed3445f0b98c08710ae7bce64272acec3ea646b333418a84c58d21c3cd0d2be7b525a209eb7402f79746134f1aa9ef67bbd0fd58188eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
5448b349c6ac54e4e37c97fdf4c04cb7

SHA1
3034123226d466a184a6070427892b9d8ac05bd4

SHA256
0c969024806312ae5acdcdac8fb4c9a6c7517b418fa2f285e7fcdad44016845c

SHA512
291bd7881036e4b76a9a66f34ca4213501ea2940d9846905efdf3e6b0d9cb468f608d9896134d9fe94650b3f81a2733e06169d37ea5ceda4a7c10f3f10996571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cda709e0-f469-4532-8abd-03c6a715a3f6.tmp

Filesize
151KB

MD5
12c3de36a829ccee297d42ed81f8dc71

SHA1
e56edc996d62828fdf140e9fbd42bd9854ba5868

SHA256
7b434e2721fc438b052e77c2fff68add5a323ed40ed251ac88ee2e18af3e59fc

SHA512
ed387402294893481002a91889c3b1327598a667c37a01af9a9144e7896211dc304ee198be4d0b2dedabd675e5179203f2c6a29724d86344fc547187c58793aa

Download Submit