hxxps://app[.]cumul[.]io/s/validtion-page-oaakkohm4pwy99w2__;!!OgNkHJCYlf_CHg!Y-HMh1-I916Plz6uEgyJ6IRwT5G5rQcWo4XZaJyMYCAMKBjPWJPK0qiBbcGkU0ZaQ8KElzXXYC-RBz1R97OwQqvXP38l74q_QjtJhQA$

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2023 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.cumul.io/s/validtion-page-oaakkohm4pwy99w2__;!!OgNkHJCYlf_CHg!Y-HMh1-I916Plz6uEgyJ6IRwT5G5rQcWo4XZaJyMYCAMKBjPWJPK0qiBbcGkU0ZaQ8KElzXXYC-RBz1R97OwQqvXP38l74q_QjtJhQA$

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292659452008208"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
1228	chrome.exe
1228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 2704	3844	chrome.exe	85
PID 3844 wrote to memory of 2704	3844	chrome.exe	85
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 408	3844	chrome.exe	86
PID 3844 wrote to memory of 2608	3844	chrome.exe	87
PID 3844 wrote to memory of 2608	3844	chrome.exe	87
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88
PID 3844 wrote to memory of 4552	3844	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://app.cumul.io/s/validtion-page-oaakkohm4pwy99w2__;!!OgNkHJCYlf_CHg!Y-HMh1-I916Plz6uEgyJ6IRwT5G5rQcWo4XZaJyMYCAMKBjPWJPK0qiBbcGkU0ZaQ8KElzXXYC-RBz1R97OwQqvXP38l74q_QjtJhQA$
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cff9758,0x7ff90cff9768,0x7ff90cff9778
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:2
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 --field-trial-handle=1896,i,8827997500931326141,8721549979226875258,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8ee0384e-a2c6-43fd-bf51-480d8ae3b328.tmp

Filesize
151KB

MD5
c9dede81f81f061e4078c3f4fc0ef402

SHA1
3bd992fa45a2b7f1d60a74d5cba28588b7975262

SHA256
ace7be1663be928d26d0828e7bb2a45ce91a1c5f45ae5eda80299585b8b45734

SHA512
f99f38b4d13b700b3c1e39ec33012937e1d12c230a850d9eabe7e1b17e551b984796194669cd7fd31290c07b2ecbc280da1945271bb73a65b98a1c82b99f7858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85c158608e67200e8e7846f8de29f352

SHA1
f64cddb2da4733c885fb9f4427fbbbab129132dd

SHA256
e3611e22ea4b0c12c02d694767037873888fe0869b78abe77897ff2336376e72

SHA512
e65979e47ef2f42d12c256a7c6742fea9b65ec9a0833c9956c7a0e904020bb4cf8f8c0a2d4d6e1547811bfbb64a7c27727ef7fc74ff90d08f95830bcb91b035c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\620c1aed-878f-4246-9ed5-71e0561bad71.tmp

Filesize
698B

MD5
aa659abe3dbd55a7fb2d98ae43a25de3

SHA1
4d06690fad52bc9b76f2851486c25eeb6d46ffc5

SHA256
b58c19a99e0d2080ee8b63592488e9c49e7431e41deb62a6aa5072044e7858ec

SHA512
e7dc2dd6b3f6efe4b4fa7d191e8d5892b87bb8361b6abd2d3887dad7a84e8b40d299de9389e9488da06cc12a3477ea38fdc0af218ebdaaf65bd95df6eb5e36fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a47f61b948eecc80685f80857d204fb4

SHA1
80e7d79ffe4d23c7315b04b59b204ffcbb2d5d05

SHA256
d29357e9a0279b47f573737fcd317dcd0cc16483cb5237349bb3ca57143ed783

SHA512
e8c15d58424f52303c62c80bffea354541740863f4cae5c7180f0b786f1ce319ed99f6c28a76144f4dfba5ee8c87711c10493ecc9a04aa84755cab7e418ea4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
691b5597bf2d71ad79c8950cfde43867

SHA1
cd2b4e279fbd40424dda7ded392ffe3e4543a228

SHA256
efb4c6bb13efa8483c4e391e8ba1307e272e4e69a0e6d66ba24e059dc35d0836

SHA512
ea7c0001dabccdbdb1368ad6e01d00f33f258bd346043beb91c610f3623e5025e7e355e1c75c9c477b53eaf1767907716d0b2cce0ccda42b6d1719ac60c05014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b7553a7fc4fa06ed4daa59dfafde065e

SHA1
96e39afc5f136adc8fef6ff88bc391f2cc17da81

SHA256
c16871687d71de98d8d72c7a5f43d6986422092b186c4ea2311cbebdfaebc907

SHA512
0fad3358deba40fcf1d15cfe0e4c4d14bbc1565e432bc4c164ebfb548c9c4bda78df2083166fbc2c032adff194147677a90bbfbcdbe3a93e3d9096f975618762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9fd88b738fcc01df1c7fee7ac335c72a

SHA1
3ca8d74b459687a3b03764897994999a98a78432

SHA256
c9eda8b7800dfb286a7187c0671eafb88bff3f9a30cb3034c858b22f7c1cf3a4

SHA512
31f6fbe17d5266f33f823eba0ab9f817c0905e779fa79256d6a11aff593f182047e92e3df5d2dd6a2ab1e78c767c1c64348e9baf8378739a2df4f08a7edf1b55

Download Submit