hxxps://imtivity[.]com

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2023, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://imtivity.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133301466536415060"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
1908	chrome.exe
1908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4104	4948	chrome.exe	84
PID 4948 wrote to memory of 4104	4948	chrome.exe	84
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 3600	4948	chrome.exe	85
PID 4948 wrote to memory of 212	4948	chrome.exe	86
PID 4948 wrote to memory of 212	4948	chrome.exe	86
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87
PID 4948 wrote to memory of 4328	4948	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://imtivity.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d69758,0x7ffc04d69768,0x7ffc04d69778
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 --field-trial-handle=1832,i,6853528181895846511,718988927656557110,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
082f9b13e59f81afab563e3fb2420602

SHA1
983f5cffcdc3e18d8813bfb71f9db363699aa2f6

SHA256
a95626bc8f4332f9ce62a2374ff9220b1847d4303e23924ed5af2691dfb4db9b

SHA512
1991aa94b7a3dd06e3ba6228d884a96b3638c958e36cc2ce75c2929f6da8842ea5198444e341bf3fa00d042a77946d267e465989f771175a674f59ffb199492d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
b20592ff1ef65952449d0908c5e745d4

SHA1
4373fe50a1e20ac14cebc72180bebbef48a5d562

SHA256
545b81792d300b77bd836802625fff985a6f4d31f4595fd414c196135c9794e1

SHA512
e0ccec75ad3994be4dec2ae904b49433e0806fb9cb7437c72b9b5319846da355b76600248124b68d98f52ca6e7b90d11d234bb82b1466c6e3854227c4c5369db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9f5733e4c5632bff1553b31cba7c50ec

SHA1
b3b8d6a3546b47b0e9e179ab2b6af3d2d5cdabba

SHA256
ba9ee7a30bf4e620e6663f5a820d49cf913c19b56c4dffb792977534c892ed88

SHA512
7a72936a22b241c1c4524bb69f4ed195ea2ca043db94ee99d6240784273edd90391566974e68e378031609aad16df221cf73a31480acc435d68150e445f3988b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
20b6fe5e81d5d242162f8aa3adfef040

SHA1
f13a9ce063053de98ad0f0ea0d5ac32382db920c

SHA256
039adbbfbd30a0c8b70c8188a1f56b4c8aaf2fdbc525093ea0710c2e5433e0aa

SHA512
78b6e9944c83549dfe246506263198f1d99ba82ab90cbf0b294416d89c1dd025b29f92a9bc573e5bbd73cf851238436a02268d26eeba5937292a00dd9fc69ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e08235f67d5cb46c333d1d02832026f2

SHA1
941ce8f769c4912835bab4ba68570c7c3d81d68a

SHA256
fa97aa5679f822a6286e0526f7163c7edb3cb291ae1a6d0503a5f8c137509be8

SHA512
2c075bbb149d3de7fbf148690b1ef44a30c5f0201f68339d0a0a1b17b8b3605ad1105af28edb4296103d3d64922b616f5ac7f9b18375a2f17c5062e8ac45b6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
3940c64109098f5f542115e495580c16

SHA1
ee3f0839cf27f0c1cdcff5bf98e92ca4d9c1a97f

SHA256
b116cebafb1024c054fd69c5955ddcdb642f33881d39959333a09f6ecbdd43ff

SHA512
7b4d692709639dced02076424ada58ad412c5a174d3062b3ff908d9067df0e66cddd2fcdbfcde642bce0252e1f6e7e3571462297a12ab27478dc3a3df5d97201

Download Submit