hxxps://inscription[.]silicon[.]fr/profile/new-profile-1[.]php

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 15:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://inscription.silicon.fr/profile/new-profile-1.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133323541666873203"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 1232	3508	chrome.exe	83
PID 3508 wrote to memory of 1232	3508	chrome.exe	83
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 3408	3508	chrome.exe	84
PID 3508 wrote to memory of 4628	3508	chrome.exe	85
PID 3508 wrote to memory of 4628	3508	chrome.exe	85
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86
PID 3508 wrote to memory of 4768	3508	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://inscription.silicon.fr/profile/new-profile-1.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc60d99758,0x7ffc60d99768,0x7ffc60d99778
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:2
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4796 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5468 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2692 --field-trial-handle=1812,i,8189788643553367826,16646402427833069546,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
172KB

MD5
6f54ded9ca42f708f66bdac86b6b10bc

SHA1
9823201fb072764d62de4592950d7587c9fbe2d4

SHA256
9dc085abac743e3116cb6307efd7ad227f515cd3a8a0eb033d90946790d20486

SHA512
2dc3e63b27498be177eb35d91d74f32c241c11cef1bcd6d2f6363ffb5943fef83c346529bd49f3e053780b802a06af32c0002a15d8147e054dd69345b161184b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8c73b4ce39413971438c215d3261a229

SHA1
28aee716dfeec5aeaf35ae24011a006a18f9316a

SHA256
f126274866150708eaf0bb6df119853801cc56db84d5e624ff5ee615a6d1e9ee

SHA512
c4cab2a0da25cf7eb377793931ad56b4ea79312bd04d179bff2e560167d5155127d915092885a05b74065f3363143468a611d357303f82aa58008ddf82714c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bb76eff3b553b97ab1087ad9803072f3

SHA1
844b9f9c4442375307943345917a2c68399b414b

SHA256
cc97553aa61c90731efb94a5f4340474439c6ae7d328fd0c080a08f1c4d48224

SHA512
cdfac19e7831efafaa7181412cfc6c0af2f92f2c6cf756219d3e52a7ca836445669b2cb1f788fa57d8722ffa675f5093ae25c28feaed144d638424f4ccb31cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b97880262312edf967a6d6a6dd8a6bb4

SHA1
91ae239fb4493b56182b3934a3e23592c827a5a3

SHA256
c933600662cdc47370a819b3aa6f16353b61092b0bdb2779e06303eae03cd0f6

SHA512
7881ea722b7e0b7adb98164b21264d195418face1c1a7e9217deb2bf8726f983d065844b6ed5250dc4d3b5e54746e4bd3d3e4f94eabf005d192340a699576b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1718a0ca5597580835555cdd0662d5d0

SHA1
31afdfc962a9f583398ddb7a91fe888a30e7ff22

SHA256
f024dd117b8a6fffc4273966acd700c620e6161dc429c598010baf9fd9214f2a

SHA512
911ed14797668fdfbdfbc21b07160b1a47c664a02eb0e3a6f96827814d7064d39ba8434160259458b528de112b4279494430d5c13b7b424f1ae88dd2bc78fe0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
35ce17d73f7a071811413ebc2f1f93e8

SHA1
0f9012c536dbb69b72f12d75f8742abd4d75cb5a

SHA256
3da6eddf6a97deabbb558511cb9f5f331b30eece0654a5ef119e865acd58a2a3

SHA512
c8aad802b34a9a64bc1c7f551fef5b68e14f83d394ec40a2bbd9275890444e9cb3b32bca92933b1797bab77f75de01ad3035ff5e82691c73177dfcdee18a0834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
e27965f27d53a8c33c9c19f60f7f18ce

SHA1
5acc2956b602f55bff27a05c378d79de0c110cbe

SHA256
591cb4d5a69fc3eb40a6a6d89c186e75770e4c1627ca7bb90188f6baaee6ab0c

SHA512
adcf307555ac98937b7934642785f0b382ad99351401f6222a8e5396bdc06781bda9942519d00be752858c0c1fb2680c28c5a06c67d3f39f63b0b1a763a27c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit