hxxps://shardeum[.]bridge-claims[.]live/

Resubmissions

18/05/2023, 18:29

230518-w5cvjsdd27 1

18/05/2023, 17:42

230518-waarpsdc22 6

Analysis

max time kernel
1801s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shardeum.bridge-claims.live/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289082145114351"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
948	chrome.exe
948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 4572	948	chrome.exe	84
PID 948 wrote to memory of 4572	948	chrome.exe	84
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 3156	948	chrome.exe	85
PID 948 wrote to memory of 1996	948	chrome.exe	86
PID 948 wrote to memory of 1996	948	chrome.exe	86
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87
PID 948 wrote to memory of 1336	948	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shardeum.bridge-claims.live/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb46e39758,0x7ffb46e39768,0x7ffb46e39778
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 --field-trial-handle=1816,i,16486828058475961952,12002669722264989170,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
a5f08a54c2ab39131b904a1e48278e61

SHA1
fba6e291aa29932a7ea0d735c9e77d301f376f5b

SHA256
0df483864d10a4ad9a50b5728db1c266f11247ef6306fd432abaa35787ebd4eb

SHA512
b843aa8bf861ff7e74e564a84dcf5ad58f87fca047480374eccb0faa2d0d99da0114d0d21fcca88efa1cf34c8f7b8f7c01b1f7c9fb56245d17c65811f0fcaf48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cf3a4db409aea3acfcc92be79c052b0f

SHA1
5af92987982828ddd57d01fe2ee19b3688715a40

SHA256
94684f7a99ab8d4e1ca731b5223554891906eef96606cbbc097503a2974f44c2

SHA512
8d4cd393cb2932eb9c5a46ee557d3bb9a8f994fae8f668b9caa78bf272b319c7747bf85e281c174ef75331e1f9d8eb11a39a30a32653bb2bbbf052f8fd416769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
276bf49345452b36a7a7ee4bdc68c8b7

SHA1
03cc8d5cdd0804db44befb5da74721d9e25057a0

SHA256
ed133681b09b4fcc3f0c902b0aca624c6fde38cee8d960b50df3c04bca4875ee

SHA512
5f98f8735667e964a81f51c14e0b1e2438fcabc92eb73656358b852ac1fee10eaf9c0c9f404bd2615bc7b67d88e6d27a279c3bea02052e6cbbdee25fce6eff9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e168132573ad6731630822ead43e2c10

SHA1
9687244ec7c9314bf72b369ab2defd40e2ecdb87

SHA256
91dd5ba5e56945000afc5d7af0daf79c59429886ed58bde39c116099ce3fd85d

SHA512
8ade918ef49c0645389c86ad318b58dfdbe355051230939e2ee7c0407be9d854cc20fc53bff5926b70e3d038caff147b2c72c954e58a74e2260735ef84822217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e5479a14182f64908c91697358a82d3a

SHA1
2d64ae21da00f940f5595e41663bed7ee489f5b9

SHA256
78b65f30c75e7bb4b0aa3b83da8da4d853dfcdfd7b46d7fa75a7f81505447a81

SHA512
2c7f37192b56538b4285d1b78c1dd6ba008368cf805e57a3dd4893287e95ff2cdd9d06cb46fc76dbe3634d06863a2fd7bced0eb1b6c6830a41a51ea4ca4023bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9d7e4865a5a4aa285bfd7213f6aeb318

SHA1
2ed6d51f818e072eb4cd770d98612597fafecea5

SHA256
8658c9b621cbbd28f3d81c24904cbab217ca8bcc4bffe474bc1e57959238d004

SHA512
80b24aedf93407ee6e60f2fb998bd134d7efad072e1715a925a3c89671db70bac6f4e6586809dc5d4c1ba5b7a592d513dc1d48c7063483682d5832d557b9b17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
253bbd5e224ebbdeb462264e712454a2

SHA1
b351f967431a77e7fb37b7db7f8c5ea921ad850f

SHA256
68a9c87095bced399e6656ecf1f47379c1acc331be89e82f07a523e6a6e79b34

SHA512
5ea6ba24a3efe411c8398f78fd8275c9b9c9494c277dbfa35fc886d5973049ddccb264f3f20367c9b2821da59f1ddaf41697b02375a7ea0add480baf44e54e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e08ede5d72a9aaa510129af7af0b15b8

SHA1
b74f95e9d6ff942dcd61867100d9e0225cfcf2a5

SHA256
d41b90781564dbb2b300eb4922953453c1dbc7d813d100c5d007dd87dd2ba410

SHA512
2bf43d96772838566167b10b99d9703f2b00f59590da1e093687c575ca3cedf3484fbc322d3b94bec82dbb589804e37fc357c17af269167dd7a82f587ae2df6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit