Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-06-2023 19:53
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://gateway.lighthouse.storage/ipfs/QmRzdTbTfKPn21sDcx4eiMS5oQCMjkUNeCRmEZ1V7jz5Va/#[email protected]
Resource: win10v2004-20230621-en
General

Target: https://gateway.lighthouse.storage/ipfs/QmRzdTbTfKPn21sDcx4eiMS5oQCMjkUNeCRmEZ1V7jz5Va/#[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |
Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133320236024765656" | chrome.exe |
Suspicious behavior: EnumeratesProcesses (4 IoCs)

| pid | Process |
|---|---|
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 3376 | chrome.exe |
| 3376 | chrome.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

| pid | Process |
|---|---|
| 4236 | chrome.exe |
| 4236 | chrome.exe |
Suspicious use of AdjustPrivilegeToken (64 IoCs)

| description | pid | Process |
|---|---|---|
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
| Token: SeShutdownPrivilege | 4236 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4236 | chrome.exe |
Suspicious use of FindShellTrayWindow (26 IoCs)

| pid | Process |
|---|---|
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process |
|---|---|
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
| 4236 | chrome.exe |
Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 4236 wrote to memory of 904 | 4236 | chrome.exe | 82 |
| PID 4236 wrote to memory of 904 | 4236 | chrome.exe | 82 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 880 | 4236 | chrome.exe | 84 |
| PID 4236 wrote to memory of 4860 | 4236 | chrome.exe | 85 |
| PID 4236 wrote to memory of 4860 | 4236 | chrome.exe | 85 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
| PID 4236 wrote to memory of 424 | 4236 | chrome.exe | 86 |
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4236)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gateway.lighthouse.storage/ipfs/QmRzdTbTfKPn21sDcx4eiMS5oQCMjkUNeCRmEZ1V7jz5Va/#[email protected]
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 904)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd33b29758,0x7ffd33b29768,0x7ffd33b29778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 880)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 424)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3160)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1816)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5084)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4028)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3376)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1832,i,3449299083080990105,12438828589640529277,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 5012)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads