hxxp://github[.]com/Pyran1/MalwareDatabase/main

Analysis

max time kernel
47s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2023, 07:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://github.com/Pyran1/MalwareDatabase/main

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133306840611855740"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 4616	1784	chrome.exe	84
PID 1784 wrote to memory of 4616	1784	chrome.exe	84
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 1932	1784	chrome.exe	85
PID 1784 wrote to memory of 4188	1784	chrome.exe	86
PID 1784 wrote to memory of 4188	1784	chrome.exe	86
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87
PID 1784 wrote to memory of 3928	1784	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://github.com/Pyran1/MalwareDatabase/main
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92b009758,0x7ff92b009768,0x7ff92b009778
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1796,i,5471449697952772498,9369296610253971456,131072 /prefetch:8
  2⤵
  PID:4064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
190fd501c1d9f967589836a708701eca

SHA1
4698ff63dc73626dfe4c244ef27f99d28caa68b7

SHA256
5c6f9bddebdec560ac79e0b6be27a3be5bb1d3fc7de5cf8736db1234a1075ebb

SHA512
4bca328446d91b697c61ace9f2dec56ea81a44d373157353f9542d25aa01f67fa9e2cb0e2749b26779208df46c3319c2c11b217b135581b1230fa5f3477cb0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2121156da8a03bcbd2c9ce8ea56d5e41

SHA1
8142db8d5fb82aa76acdabe54d7b9ac84663055d

SHA256
66cccb811134011c6b02f3167e55335c3f55cca629eadc56544271b43ec8fbae

SHA512
a84229938221e9346f565d80dff32e139ac4b7e849ac36a8dd4de0b43b74559bd6a10b044a0347eb1f9e5fb885903b9f57584fd7564af0557b7d084e1d013b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e9240cc1b1dea720064239629df8fde

SHA1
30223c3de76ff6e8063bb1cd2cde8e842fca9a04

SHA256
31f7e1239a67dbd9e578e511e2f23223be032039a6f6244f45923415e27987d6

SHA512
31d647fb68e55ccd22952c49340e36d042508dc35a4354ae6febc36113855bf5df741659169fe99e51b2b7b83c281367ff15d0dbf8cb0944e0b6a09b0b4805f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2988793813c7de8a996d06aac5f8bf4e

SHA1
72e3cb38d8f944f282c201f1b2e8231c9060b3c6

SHA256
a355e89af83ad968f586f4cd0ff9e6487929e55c87073398a8793344ce006502

SHA512
5fd3007255f3f7f3d6010fd176e9854036029f65cc2ecc51520146a4c899c56027799cbda140e9631f96b955148c91c564842042396d40f33d59fc0d9c8a960a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
eb475bc0b5126053d5d2b2205a67a352

SHA1
6a77378851aa581ba739fd3572aa29d148381bca

SHA256
a2b2019602ac659e0b1863a20213b9b5a3b5db63f9af0f582a3a321e7a1198b8

SHA512
f99a71ebddc3a81e3bf6f1df82ec0a87d015f0873cf881419d463f14cd67526078c308d1167ac4aabe69af09f662c645c1ed2e9352b4309711d7aca00c52860c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ad4e9403-4b7b-42e1-9394-47bc2b52c17d.tmp

Filesize
158KB

MD5
ef7d9472f8695f1119ff1ac426f95056

SHA1
a134b0a7aaf468c5d496dbc3ac51df3f65b5545e

SHA256
11f550cf62574ff2cb9e2a56d200ccc5849d2590cc1e833d96bb5ecdf4b03949

SHA512
19c24fcb9d8f3de67cfcfdda66de268d85eaa218d393b5f1ef71644b503c6fe294ac0ab066d4dc4d859de5e439da4482bd60f678e9d8000d95142b64af172ef9

Download Submit