hxxps://0y23r[.]mjt[.]lu/lnk/AWwAAB5yDYYAAchdL2QAANHX8DEAAYCtakgAnb6_ACRbAwBknXOIaJkKDw0wQqurw5CredMvbQAiBxw/1/8D_XTKRXb6yiMjbYkWPx3Q/aHR0cHM6Ly9uY3MtY2VudGVyLmNvbS9vbmUv

Analysis

max time kernel
70s
max time network
72s
platform
windows10-1703_x64
resource
win10-20230621-en
resource tags

arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
submitted
29/06/2023, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://0y23r.mjt.lu/lnk/AWwAAB5yDYYAAchdL2QAANHX8DEAAYCtakgAnb6_ACRbAwBknXOIaJkKDw0wQqurw5CredMvbQAiBxw/1/8D_XTKRXb6yiMjbYkWPx3Q/aHR0cHM6Ly9uY3MtY2VudGVyLmNvbS9vbmUv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133325144712432309"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 932	4388	chrome.exe	66
PID 4388 wrote to memory of 932	4388	chrome.exe	66
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4192	4388	chrome.exe	69
PID 4388 wrote to memory of 4200	4388	chrome.exe	68
PID 4388 wrote to memory of 4200	4388	chrome.exe	68
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70
PID 4388 wrote to memory of 4328	4388	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://0y23r.mjt.lu/lnk/AWwAAB5yDYYAAchdL2QAANHX8DEAAYCtakgAnb6_ACRbAwBknXOIaJkKDw0wQqurw5CredMvbQAiBxw/1/8D_XTKRXb6yiMjbYkWPx3Q/aHR0cHM6Ly9uY3MtY2VudGVyLmNvbS9vbmUv
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbaae19758,0x7ffbaae19768,0x7ffbaae19778
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4412 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1808,i,9190134213148160382,16303867917944889976,131072 /prefetch:8
  2⤵
  PID:5008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9561efba-1318-49bc-8ebc-763c13a10d4f.tmp

Filesize
5KB

MD5
950f17807311b734c2cd40dc68b261b0

SHA1
cc77e88ce6d8a36ae4fdff9582f8cdfcddd6bc51

SHA256
191a7cc1f83e8066beb2498c75c1779c1806a998666e11a0b480b0ff120b3427

SHA512
695d40ae542260fde7a7d050850fadf674aced571008b1ff0ec5054b7319c7a7af0640feaf9e0e57ae88d1ed0b68752e42199438c7cdef2eda26a3fdb8cef147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e0c4518ed9ca1bb8158131552d1eada9

SHA1
b9e06680435472fda88c3809bce62b093b7a549a

SHA256
061915ea9d6934eac98dc503ee55ea89a1c517018b2075695390b9669bee99c5

SHA512
3bf6a2a4ec37ce6baf0c05aa27fd6548717829303a2834e8b719ccffad26c61999a207028c6212fff202807954fd472daa51643f73af3733a891f639321875e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1bb9e52945341d235ad4691b98148b18

SHA1
4bc0a399dd8ea6513da434e7566ff95a499ece16

SHA256
3dbd86daed7f1929b6aeea74ee859c3594df1633e2c36ba8c9fc8c37d4d6cd84

SHA512
9a7330d3927374f8cac45ddee1639ff066dae9c7fc1852842443bc336bb933c7e05219302700450993e38d8a2a61d2aba6fa5cf168c389d6d9ca87bcb36e5e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
36070c68c32a8c7e61642182157ec2af

SHA1
d5255fc0a7f8c0bbab728fce1f991c0d58720318

SHA256
c0b087bba5428dbf241e7cb0f6f76eda754ea958847d9e1f27faa58398dcb74e

SHA512
815ae8e3b9331f81b5b24600fabc2ec49f007473d6342941dd79e6f5f4e462e8a2ecf41e57f699016790f420f843ea094f3ec058fdebe7f54a0a86282b474e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
007ad26d905b3f31666b3c50d951d8cf

SHA1
5fc39da01b7df4efdaaf26e67026235566335ffa

SHA256
f1d85edcf490f4d3b50f4c8a6c1c32cba2d8bf01caa66445ae9960de2063b383

SHA512
7a30fc56a4aa3a8c56c8b6ce93957c29a68777d5fadb36db1de8d0ebbba5dd72464262aacbf044747ff988993f2b90b614d259d509060fe8c17c7237e04f8fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
366573b9191a6983111800121ecad07f

SHA1
c136cb24f57ffec1a8fac5cdbaa687e599a76ca5

SHA256
70bc931ae3f681b4d0756e5d30f6e354752104dbdab7a9b9c3a9d7b0d87b9db3

SHA512
85bd2cb6ebb9c66f19cc1af9492f310151e342879e23984c3ae43897395789f999c798d122bce958ceb4d113979fbe1fe60a46ba0fd6835635504d6051da32ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56c400.TMP

Filesize
98KB

MD5
5988c5709a239235b18d5e1f3a3b5796

SHA1
6aada91f6b11c7cc1a53ce5edde7512ac6ce4c91

SHA256
1677954d7c9ec6bd3a275993aa3d3ee1315b1fd81dcf36744ccb8ad93bf7a860

SHA512
bd29af5c671ce1e35821a639d79ec08f0f9b8d75c0659535e4447d992ccd1e0c33482cdf0148b6b90bc8ad5a1b852506c389373e91e8ba65cd44806a66a501f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit