hxxp://atyvdjbv[.]xogases[.]online/

Resubmissions

14/06/2023, 10:50

230614-mxf3kaga93 1

14/06/2023, 09:38

230614-lmcfysfg9w 1

Analysis

max time kernel
33s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://atyvdjbv.xogases.online/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312134459428793"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe
Token: SeShutdownPrivilege	2240	chrome.exe
Token: SeCreatePagefilePrivilege	2240	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 3572	2240	chrome.exe	83
PID 2240 wrote to memory of 3572	2240	chrome.exe	83
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 2888	2240	chrome.exe	84
PID 2240 wrote to memory of 3260	2240	chrome.exe	85
PID 2240 wrote to memory of 3260	2240	chrome.exe	85
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86
PID 2240 wrote to memory of 4916	2240	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://atyvdjbv.xogases.online/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff255d9758,0x7fff255d9768,0x7fff255d9778
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5056 --field-trial-handle=1816,i,489858460849072060,13884373661104434370,131072 /prefetch:1
  2⤵
  PID:3412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
29c9480aa6ea2c0ed0aa843fed325f66

SHA1
6ad3eb97872fad30cb32959374dc9d9b88c50a81

SHA256
455ccb78ff48fe258f031cb6f47792e0ebf2f90703d130d8304d20e05f0c668d

SHA512
ce9eb2fdad306457df61fbbe147d5f68ac5b8be1c5b9afcfc011f47fc648cbf4339d3d6b7ec7b68dc67695884fcbf34caa50245aec1ef4b8f5308e6cefff38c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2432b14893ac7a6112e5f412566860dd

SHA1
dd1a0b57f35ae832f7068035b4292cbc3fdfc21d

SHA256
ea8f8f93d3b21506322f59d5a7c437e6aa64efa749e3bc6ea04c36b1e56a55bb

SHA512
37d6943121635c6fd3ffaf548af3f56dae26ea8243623eda82923385f8de741e29c4324557cf19017ec04ad60f8dbd9212487394ef55bac0fa793590b8d69c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3354a1976c44090fe2237afd1b4fc6ed

SHA1
d31f150339682bf6c0a0a051d1ed7c19b9a9baf4

SHA256
53e7ab650e73d7c589186d7d1f02dfeb3996a5f38b0d8b09bdf275c384b8a405

SHA512
9526eb1bcb7d6c46d84a6260e1961ee47591deb8924fa1f0c97695f152d7b39c6fced2be481a88067eb51a161504098e92311c31932e021633e929336d7cead2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
b22aa5e8cdec3ead9b5d014dcc7ab8e2

SHA1
d99515331eaaf276d03dbdd2a5e91ee4b25f7278

SHA256
84c375411dd5d928ed2d2d2e38004b0d17eac8cf9ad2697a384d1a1a63b49c55

SHA512
f4206811666d82561f6dc9bd84234d64b20213c4d327bde0b3ce136229578e73ebabf3d45475b650aa76619d5308d183166592a13b8a69057ebc6ac28939d04d

Download Submit