hxxp://hqq[.]ac

Analysis

max time kernel
83s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2023 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://hqq.ac

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294926013473059"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4612	4244	chrome.exe	85
PID 4244 wrote to memory of 4612	4244	chrome.exe	85
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 640	4244	chrome.exe	86
PID 4244 wrote to memory of 5036	4244	chrome.exe	87
PID 4244 wrote to memory of 5036	4244	chrome.exe	87
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88
PID 4244 wrote to memory of 2364	4244	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://hqq.ac
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc97c19758,0x7ffc97c19768,0x7ffc97c19778
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1792,i,12588584297430353338,12676528757851742272,131072 /prefetch:8
  2⤵
  PID:1700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3235fc4d-a7a8-4186-b9bb-d741462ea90b.tmp

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54f2e87366a4afd740be6329f08114d6

SHA1
047090dd00a3110e9893d4ca9c6f00e511d00670

SHA256
ccf3a14da55d01657947bcab38e9838a77f365dc48f870c01d07e5d944543596

SHA512
d5374feb00d632a2181fac97008b05677940b23d3c376d78d150b7f1b90d31bad5a80d0a9b852f6e5a64b659f79bb1587a391bbef12c851f50ca97c202911b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3b8bf3baf725c0941ee220396e94e4e1

SHA1
7d23458056973c03156cf92545cc8f2052cc594f

SHA256
af3f92f8f9b061b583195277d52ae71628cb84d8f50324bfe613bd15eee25d08

SHA512
d427f7704b0a1c4ae452865adb23d3d89f7b3a7ae8120fff6a53bfec28c6d36ca2615f70e9e091320fb4826d055ada8e2f45953d5beff6c768696fb8d4db0587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7dd46c8fc48cd496c93498aedf138337

SHA1
a9077658960e72c761d85a27b9d231b858262b0f

SHA256
214b491d1be7afb6b1acccf5ee50dbeb81be0227b5c1ede6cf095243df6170c0

SHA512
e439b24f38528f3fcb067355694c6b13f7e9bfb9bab0cf93e35e6d1a89a9f7997eb650aa632623fbe5dd950cfcf34a00f6aa5e11b62bbfef072d0728dda3b2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
57ff74c862f15464d1006d4dbe35398d

SHA1
aa49880a272a5dbb56b4b7a95dc1a0dbc67a03a2

SHA256
af81f67a953792f3b30a90470f5e7e1d60bf32ef84f0805c40fa623dbb080eef

SHA512
40511056ea1e7bf41a208bcc4a339aab424a9c4a39658b7c4c461384c622cb09399f2440d3c2cb2f84a73669a3265a0de712d662bedba2f7ac954271b8b95f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce4e9d499668f5c3d660004e8ad2f3ff

SHA1
f815bafdc5a4d0cd22ff628a3119d09603c9b982

SHA256
d32f856b25a16280c4590d63e5c3b3e9d150cf8ed9f007c5521462f8d7b7f4db

SHA512
066f6196b44c9201ce8d223553a1b56a7313b453269236daf3108427132e3b5221f160f6f4fd6d78a67ec70aea3cc7a81b4b03f420402afb58a89fbc5a1cd91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45dca8c51f444e2a4ee92881337553e2

SHA1
f1290e924efec8286b83c959292c24bbba8680e3

SHA256
85db17cf2fa42b90f6129ba5e834bb160bca0c5a51996f16882d31294967d7d1

SHA512
1a60e0282ccebf3149eeb6eb5d22c71611447bf8ae904d08c9c1ef05c487dcec2e95f000908588e32427ffa6aa90998d547d06749c2edd656ae697cec57a0070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
ab6e0c44485756a827d0f530a94ff5a4

SHA1
4bb9873e0d45a0c9ca76c27bfeab1f498f51a805

SHA256
b4ba3114a15bb728f333c66f2f1c1209d71d2036a0496a4a30d1ddfeaace68d7

SHA512
474c33def1273de91a81e248b7e0426556fa9ca5d10250fadfdef4138a49d1f9d74387cfd12c755c4f6fcda091b9a5ac4473f8420da274f83374ab8ccbd962c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit