Analysis
max time kernel: 59s
max time network: 62s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/05/2023, 06:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://i-item.jd.com/100009278449.html
Resource: win10v2004-20230221-en

General
Target: https://i-item.jd.com/100009278449.html

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                    Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289594766758474"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Suspicious behavior: EnumeratesProcesses (3 IoCs)
pid   Process
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
1760  chrome.exe
1760  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Token: SeShutdownPrivilege        1760  chrome.exe
Token: SeCreatePagefilePrivilege  1760  chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
1760  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 1760 wrote to memory of 2740   1760  chrome.exe  87
PID 1760 wrote to memory of 2740   1760  chrome.exe  87
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 3468   1760  chrome.exe  88
PID 1760 wrote to memory of 224    1760  chrome.exe  89
PID 1760 wrote to memory of 224    1760  chrome.exe  89
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
PID 1760 wrote to memory of 4448   1760  chrome.exe  90
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1760)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://i-item.jd.com/100009278449.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2740)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffc9b9f9758,0x7ffc9b9f9768,0x7ffc9b9f9778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3468)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 224)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4448)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4828)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3848)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4864)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4792 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3704)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3972)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4336)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1720,i,5767400745608360464,13193299382978002650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4208)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\AUDIODG.EXE (PID 5060)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x424 0x308
Network
MITRE ATT&CK Enterprise v6
Downloads