hxxps://pumpedpancake[.]com/v2gkhQTqdCCzf8e3BMKowrO26J-fW7dKpbowdt8xSiLazTgrXu_2uCrdsd6IdYP9nxQ

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 13:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pumpedpancake.com/v2gkhQTqdCCzf8e3BMKowrO26J-fW7dKpbowdt8xSiLazTgrXu_2uCrdsd6IdYP9nxQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289843600139170"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
676	chrome.exe
676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe
Token: SeShutdownPrivilege	676	chrome.exe
Token: SeCreatePagefilePrivilege	676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe
676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 4436	676	chrome.exe	83
PID 676 wrote to memory of 4436	676	chrome.exe	83
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 2092	676	chrome.exe	84
PID 676 wrote to memory of 4600	676	chrome.exe	85
PID 676 wrote to memory of 4600	676	chrome.exe	85
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86
PID 676 wrote to memory of 4232	676	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pumpedpancake.com/v2gkhQTqdCCzf8e3BMKowrO26J-fW7dKpbowdt8xSiLazTgrXu_2uCrdsd6IdYP9nxQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd340c9758,0x7ffd340c9768,0x7ffd340c9778
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1812,i,2680038578905404492,11811127648878392430,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9912cc37ed232f7b7fb2927564dfc2b5

SHA1
e669fc181cd8135174b8843c565ed5360281108e

SHA256
028ebc1672d9b0851d24c49c18be6ac3b109e23cb696f1eeb640b8c9c0dad0f3

SHA512
74dc6e9cbc42c9e6615eebc23dc268d5fa335b940a53db0476ac0d5d865169deeaa54ac37376e704779035fb994edf0595fc64e3386e1f4a0af790951c8619cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
90ffb166560835f0c40c37315d877a87

SHA1
cbf84d0b398abe86240e56cd8ee518f38ee5e4b4

SHA256
888ced00a54424ee88bf3c387bca14dcad7449a7f5ff9c0420a120f8c94186e5

SHA512
4d2dfee5922f45135ff32d808ac73bb8521c902eb7078f677e9c9b1f7ec2619e1f20fde5ce678bcdd37ececa91387f35df2fc4db083ca07a77bb27ccb1f90a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
762d7a197f871f7fb3326fa7093823fb

SHA1
d147f133379016d407fba357623a2607c0f230ad

SHA256
281a880ddf0b9ec71b60eee5d2d6bcb66adadd55c478cc277d97f67731613630

SHA512
ee96ee6f67271c2da88a2e033fe9c6e0020131dcad948db5c9f6194ec8e6c2367bd5fbe2f22342fed7aea27247a55c9a40a6161d0520f23e7eaaf58bef8969e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c40aff87bffb2427367d56c11e521b1

SHA1
66bfe2db765901c342aa72c9984fe3226cb1e0e4

SHA256
65952b6b7b569360cc279164783f6522bf295cf65ed2eea6f39d191db0d7f7a4

SHA512
b746c1879e537bd9365cbf52ca46c98c1e721337c59efbdd16729fa21b00c4043ad52431bd584b2aaa4b356817841d59211204b8341be0082cda0a23a620754b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d5769dab705ab20aad4cf6702b9c131f

SHA1
2cce2e769ebe7a2f76dcd5ecbc080116661d1ae9

SHA256
022746a2ea51caea8bf84bf88833cfd2804e052aef1d1fc24f373c737df2e989

SHA512
6a3121812dd56de655f964c0ec046334abf8b10e7ac2bbc9440b959313224ec589df78a5d4c9239cdcaf0cf6ed95f9780777414e140ff7b0287bbc04c8620606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
dd5a2197f7bb4d443448971d5421ed0b

SHA1
9b6f25e034607ede1eee65c82971ffdaea031967

SHA256
48e45faf533d05d61e96031ebb34a240a8d9440396aa1251f13b08a4080f4df8

SHA512
35b26b3cd92e7276db2776c405ab9c5159e8a681cc060f364e58c09cf13f54c3aca15c446b84cbd9c973c6b2ba9eb2e92c76a9d7c99f60fe277617f6bbb6e280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit