hxxp://preciosalighting[.]com/

Resubmissions

22/05/2023, 08:19

230522-j7yhtahg4v 1

22/05/2023, 08:18

230522-j7pwnshg31 1

22/05/2023, 08:14

230522-j5gsaafa35 1

Analysis

max time kernel
31s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2023, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://preciosalighting.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292241166591106"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
60	chrome.exe
60	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe
Token: SeShutdownPrivilege	60	chrome.exe
Token: SeCreatePagefilePrivilege	60	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 1372	60	chrome.exe	83
PID 60 wrote to memory of 1372	60	chrome.exe	83
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 4424	60	chrome.exe	84
PID 60 wrote to memory of 2744	60	chrome.exe	85
PID 60 wrote to memory of 2744	60	chrome.exe	85
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86
PID 60 wrote to memory of 4620	60	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://preciosalighting.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff987139758,0x7ff987139768,0x7ff987139778
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4924 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5280 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5276 --field-trial-handle=1828,i,304631784376778631,13010892130340174893,131072 /prefetch:1
  2⤵
  PID:404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x4c0
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
528KB

MD5
cfecbe84ea042340f13fbfa2cc22bfc2

SHA1
0739116462c7bf0fdd67c2943259c93f12aaa79e

SHA256
66474c428d15dae3290700afffb87a14455dcc16cc3da959855a1d7601720b91

SHA512
2e2a500b0bebff68fc1bad33afac8c51a860946eb9155dbb63f3a8fbbd0b09448244e27e939baf40ea0db3f3cd398eb4ce29d7058906b1693b0640ca21c51999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
30acea31b10b01b68f587528d5c2f6dd

SHA1
cf77fefe7fc5ce6539503e433ed955442571ec73

SHA256
3c10b3b3b2729466f59ddec891d818c174f2103a50295c4284d4b5bfd7e8bd17

SHA512
a504045d1001f3a2000157fba48bcc2af514b7aaf2ddcfa8f6dffda0cb1734fa3ffc8c39e4eea923bf90c860128b9a12cc3227c763b6d6e54c984b63887d6297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
63af44c8e220ca5a9fc410bbcecf6374

SHA1
4bae0537941e08a1ee657529dc05378a563bce37

SHA256
d2a29dd99f203d6746b554d6f2c147b290866e0d353ab28113424163d31c6d01

SHA512
1541a4b427abff08a3dae2dec09b5ebf08af60cb06adc0058fc3ad3e1b32ab5356d85792a268d82aaf3b917a23ae10f5080468416f9a3da314894941f4e6511a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e4b05b62b786a5b01009c8fb9e2eb5f5

SHA1
2d46d591c5c120da39865fabf77c1a08e10664d3

SHA256
1bd2004d2991c8ca8a0b844314019f08ec556d392ce1cf4d4cd21be35e02171d

SHA512
0753e15c54eadd61dbb6e88464ae738bc091af56cb46ec65fdf28a1fef769e3a7813184fdeedce18a091a33231d674836e9714fad779533dc502fe82e9d7f81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
a81e25b55a59e455b294acba3af9988e

SHA1
87636310e98c6ac3cd8575b79858f9cea4b66bbb

SHA256
84042e6aa6e2e9b099f5351bc4eb61dac4b3051dab733e8c9fbf9bf293125759

SHA512
0e7909e04143947dbbcee3bc866442717498b66d22a4408cd1244c3c7825419bbead21725a45b33b57880e2a87f36ae09bdb9b56a178ba810ce0a0b938ec25f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit