hxxps://go[.]preqin[.]com/e/909852/investorPreqin2023-0523232/c1ln14/642202005?h=52LwRDHP0qb0KjFLnARkJJRWxJxVmxyG7-rJHtuu-Pk

General

Target

https://go.preqin.com/e/909852/investorPreqin2023-0523232/c1ln14/642202005?h=52LwRDHP0qb0KjFLnARkJJRWxJxVmxyG7-rJHtuu-Pk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295813155272286"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1236 chrome.exe
1236 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1236 chrome.exe
1236 chrome.exe
1236 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1236 wrote to memory of 3880	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 3880	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 4412	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1828	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1828	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe
PID 1236 wrote to memory of 1160	1236	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://go.preqin.com/e/909852/investorPreqin2023-0523232/c1ln14/642202005?h=52LwRDHP0qb0KjFLnARkJJRWxJxVmxyG7-rJHtuu-Pk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa66269758,0x7ffa66269768,0x7ffa66269778
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:2
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:8
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:8
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:1
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:1
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4776 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:1
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:8
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:8
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1812,i,7194486057371773490,15214367037015661074,131072 /prefetch:8
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
d8402245dc3bc066e131965a25c43bfe

SHA1
1a0f1dc27f2bdeb6980a733349f73148edb75941

SHA256
141bc162ed4318863fa5a939b3f004e365542787bae1ad08b84cf0b034a12f1f

SHA512
c04c9fcd5b9e35989fba5c4ad604fa3d73ecb0e179eacf1b2c583fb90f8cf056540db37cf895c370c03faccdbeed73bcad5e3da0f2e016604a3c6efd1e8741a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a39ec042e65fd02648a507228f60831b

SHA1
f0b9ec1d196ac65d1139244644388d7dc32db093

SHA256
17e7f50cb05772e506e6c45296dae1c9f018511a650ef62dc1ca21ee0ba56d93

SHA512
bfad1fa230aced0d9641a01a39b22b42a306aaf12b55661ef0fd3c3757edc93409bcba363a55eecd79fbcf5d1c6e9db3a75632ecb5891450158ca26c1999d473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
89a7d318c6bd276c782cad6c42d2c494

SHA1
14f3ca2dc67996542bcd0b98f993bf67294094a9

SHA256
5b2c7061d2a8e6342726e91d2857dacafe724f26851f8dec88c8a15bed97bab8

SHA512
d21332e5b0aaf2694a332772b9226e13452f091192341bb7d9b3fffb4e0455b0c7bfc92e3c756c8ca50d3ac300e0b588c52e1c35b5f68a9bcf79f428c0b2c926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7a15be468e3e241208b2bde85f784a3b

SHA1
0b4b671aa050a92c54bf242acc90e4bbc32717d1

SHA256
9715f6e3ebc68d8d77257175219f69583c3b0e45225234e37416a4f86a8ad716

SHA512
12dee6e0e926e94f624a57276384b4db44e920e8ec0c3511840297e5c85583af2c0487501e193d6a6f41ba53ea0c723f73e70c7c8bd62f41d6fd4de031f4cdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
99f235ffcba1d40070fbaec78854dad5

SHA1
471bab7d6da7cc4fddfdefad8dd508ca9116e606

SHA256
30adafed3c4f932c9766d5232ff09b2719fe7a79a4cfd1bc508b8aab46ca8962

SHA512
524d6a9eac345b9d57dff83bfbb42dd04678ed17d586141819565f19040bc507d495e3c10c1a40a0bdd44d442c30422b1ce6894e2a0285276f7acb12e9b3d0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
8ec9552b9aef425d470cdc052a9b6417

SHA1
80e2d15dbace7ba8448a118d41f174a97e4cac76

SHA256
b54324c257266e528db7a202f29ad56f595544f90373ce582faded9ec96eb93a

SHA512
1d56a5d35f7a7e4eaf9ef6bdd0e9b2a26176247b52bc21b5f65d6da309a8eb3ebcb331d6e4a05db356a095c4f62d13a3dc605714df31e820819f07784c790232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1236_DLSZLVCXOZWNXJDF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads