hxxps://secure[.]adnxs[.]com/seg?redir=hxxps://angonfurniture[.]com/New/Auth/sf_rand_string_lowercase6[//][//]hey@you[.]com

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2023, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.adnxs.com/seg?redir=https://angonfurniture.com/New/Auth/sf_rand_string_lowercase6////[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294302559086822"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 2612	4556	chrome.exe	83
PID 4556 wrote to memory of 2612	4556	chrome.exe	83
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 596	4556	chrome.exe	84
PID 4556 wrote to memory of 1664	4556	chrome.exe	85
PID 4556 wrote to memory of 1664	4556	chrome.exe	85
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86
PID 4556 wrote to memory of 828	4556	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://secure.adnxs.com/seg?redir=https://angonfurniture.com/New/Auth/sf_rand_string_lowercase6////[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff93fd29758,0x7ff93fd29768,0x7ff93fd29778
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:2
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3032 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4772 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1768,i,3007227172882624575,7291809896573569969,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5796f298e72fcb1cf047f5cb219060e6

SHA1
b42fb784863ca94b02d8a4e7a1510e5348e40fb2

SHA256
9bf9d7fc249c82da6213d8ea88aeb345655a54d51a94917f0737b5b6ce4a68a2

SHA512
c0cebbbc63825288abf76219a7ed837256db3bc5d4e118400c3081c702b63ab711b57a0f65f8e80383dc5e298cda8040f40602175d94d4bafa878e6e8270fa62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
61656f72a67fd2badae7f4068a2573d1

SHA1
5bad3cf6d98f789473d65f2ebe8209e7ef30393b

SHA256
405afcc3b68ad76a913f66a75393601e3cc3fadb996b7086eef95466b09952a4

SHA512
bf070863a36377fb4842171d8410628d79d9c5e0a0524dd92525e18dfd299d4fa1eb1ecb55162352e4c7e57883dc49c53dd179cfb9bfa5a5ce015123c758ef0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d4f533caeba2760f9fdd426843592d9

SHA1
4a43ef2b6df82d61dca46367284fade3e26e8b9c

SHA256
a8933eb9c944f0567e64c7ce9d1edcf19faa30333e68113fe00927b024e5cd3a

SHA512
180d23650c6e8d8fff70c10d3c9881ae01e7be803a3e8692f711fb15a40d3b0980abb90e140bd35e345a3ff2ac54e8ee4932fb2d37eca466799068900fe2232c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d79e78d2790bd3243656de93723edff9

SHA1
1bcc50d8d99f268e44c44d049284ee0d2a0122c4

SHA256
8feb32da01c36e91627b52bfadc9823c99558674eab3b1d2564816259f6246ad

SHA512
31484a3d7f1b54ff107b0fe446ca743cf79fe77520b9a67ae7ec66e7af4a4313c48c1d8266dc06a2a679e211de60469dea351e4948881d644942a862e7512de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8c6ac1a82fe544c4d07c52aacc41b399

SHA1
e9ef310f549cb5d6d488ddcd79c8d1f2311b870e

SHA256
59a90f8b4693ff7744ca732df79fcea3bae8e7068d2cba02d8d743862d0d75ed

SHA512
d3f210f704c4fef4aa8772a54f4170c1dde190f94466f66f55680a280087b6d3c95499bdd8749909d6a2b9b19a610262d1cb7fe7d1dabe8642d7bf9ff558bf1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
f39a03d2f18e07adc67a8d90f38cc35d

SHA1
0f25e785aa24a3d4d3fe51970c5d61f423c10f61

SHA256
65e5ce455bb915d0f4953f7df429a64d08aab7fec6d7850d69d6c2ef91b7862a

SHA512
02df27b5a1ab47b2bb2a1ca9bb39436a389afb1968421c0d890a8e763695b0ceab84985605861ea41173ae6adaff4b8c4d69add0b42b4b2b5bd64651dbe09dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit