hxxp://www[.]tezmaksanonline[.]com

Analysis

max time kernel
26s
max time network
28s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.tezmaksanonline.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295801537909003"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1988 chrome.exe
1988 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1988 chrome.exe
1988 chrome.exe
1988 chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1988 wrote to memory of 1480	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1480	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 564	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1560	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1560	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe
PID 1988 wrote to memory of 1556	1988	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.tezmaksanonline.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1d459758,0x7fff1d459768,0x7fff1d459778
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:2
2⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:1
2⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:1
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:1
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:8
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5468 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:8
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1820,i,11283599583990479916,6283928053069914401,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cc9a01ca30802e3ff171cf115d8bff64

SHA1
9de5a3bf46491e38349ab9b51a9253f3da348530

SHA256
1a1a1de87c3ed18c8a6a9c98d8aadb64b11154bbd5e9d133d6af1b0732e4d470

SHA512
f5d61bed59f20bce5c92c015ffbf7f184b5cb109eed0da5ece7a03fc8ff56f926a06efb1b7ea527fedc956d61f5e15ede6ae314b5a6d666e955e3eee91fb23ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2a8c331b8ccccc3e1d4cbff45234670a

SHA1
5659ade13b61b6ec0de485d14e321cecb2644076

SHA256
1f8a9a8c473ed906ea38a7a8f02f340cc1f7c44c5a05d26c8395a0bb2d2c08da

SHA512
75ef89752dfded630550b798795f08cfce7e246ce377aaff59fdc5a56288c96aef5ef581f9b995d274ac997fee50c48f030cba06f9d9fbbf515456c5e365ab1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1cc7b0fec6f15e76f1e209f355828979

SHA1
e9a81ed82fc9a9bfc9df433dd9c827fa8ffdf00d

SHA256
254843796189bd9f065ffb13afc46e368011b2ae3ffa6125d09a3c5677eac1c7

SHA512
50a85a71f8c450bacf989ebb4d19edaca342ab1b70521b2eae65bc15eecbb377e514897fa6a625120984400e6bd3402183dfa789b6bfec5dfb511d5c03cf95aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
da9c8ce14cebf1f1ded3c05a5f5dd7cf

SHA1
ba2693f6270c4a7bb41cd2ddc18a426537285027

SHA256
4571d089f163cd361e78b05357ced503afa7abd06a61363cd38f7eb3d62cd9a6

SHA512
065b9a9230eb0acf4afe7143150547206baf052027fea0f068ea7d0fffd9189d35ab9eb3911be92e7a021bf523444b32198381e39641961e969817e6ed13e3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
60ee43dedb45b392f1621a47538871e1

SHA1
91d78383370cf96fb6502ce21b4e29b4fb64de9e

SHA256
16112f59c46bad94c8608f5ce219a3d729073792fd95e98be30d848f8cc4a923

SHA512
54d3c7841a1be23f3153c9cf4b896bf91fd3c13be87f59ce2b5b9a02706b2a31ab77b5d99c795819bf9313f88b073eac5b4a74487c65701639015d89b4deac19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
c0ead4470441207e903d044927f06c36

SHA1
5596a6662aef1bfb693de2ea256d165b9ad58ea8

SHA256
3854c2d77e63defece4bda26e711eea1dc23940b6fc9e032eddce56273b9432a

SHA512
663603ebb147b6f7cc6a4d2d432d28a786c3ad6a60d471d7953a9d35178d7ceafd2b8ef45abcd1b54e800bea8560f8e0893b81901ee57c9f8e94d7636c1df5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1988_VQDAANLCEIPCABNT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit