hxxps://superactive-c3vwzxjhy3rpdmu[.]t4vs6j[.]ru

Analysis

max time kernel
300s
max time network
254s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
03/07/2023, 21:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://superactive-c3vwzxjhy3rpdmu.t4vs6j.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 5032	2568	chrome.exe	69
PID 2568 wrote to memory of 5032	2568	chrome.exe	69
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 4844	2568	chrome.exe	73
PID 2568 wrote to memory of 3096	2568	chrome.exe	71
PID 2568 wrote to memory of 3096	2568	chrome.exe	71
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72
PID 2568 wrote to memory of 3948	2568	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://superactive-c3vwzxjhy3rpdmu.t4vs6j.ru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8dc519758,0x7ff8dc519768,0x7ff8dc519778
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3280 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4508 --field-trial-handle=1784,i,7184041106087228109,4785878976163069022,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ade7a7e54e01aaf320a8ca4b1971c588

SHA1
13be576c55992847fa24e32f1f8a6826152f4377

SHA256
e2ba376b634191f8e0fde3bb194a19463a2de65b76ab6f4da79acb75d279fb08

SHA512
691ef1b042cb72127b497836abcecf833b1e64022332aaf1b39410e7d4eb8a5a3463234fae9c2c2d0b2e83a7e5aad37b56682d546a38bed390ce0bd0af9e3162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
02fb32198efb4d2e9248a941d0f7026a

SHA1
1e4ec1de361be1b4e2a16e0731183353fb7950ba

SHA256
25aedf5b1d702e486609000b73aabebb88965f6c01367d9df7a87b30b9f7f895

SHA512
0d6692c2fcf89290617b642c4a474956f99c020f58dd74fa8c4aa0f894bae6737ebae14f3be29fefc8209f610344d51bc0ebb7097b5240b38066090325de0e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c2832b2b075fba4bf36949b80db044e2

SHA1
333377cd7a5cb747f1ac0d8411d2984344f04443

SHA256
1a0207fb6b16859e342652e20c9b5a303eb21185f3091e417042fb35dd749276

SHA512
dc4120a961fd4ad56cd701e6b90a2130bd191284af0626fca6655cff04ac00dd55d8463ff07d290012a88ad5559d48994511a7c56c1e8c96307daa35d76a3f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f52eb94d81c09b50726cce0dccf166f

SHA1
045ddb890b8673d90b7a37f66f7d44a02058cabe

SHA256
42fc3137c84160e461f96667a7d3095593ecb86e82f5bf8768eb13252e569302

SHA512
f1f35b4e47bb7282614d397cc88a0bed98cba0acd7f2cde231dad6e77a0b8bdec47d9382c14948c4f3c10680b53ed7d4381066c963e3463fd464912e7a123f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8f756ffde53980ee4bea8cede3b3cae0

SHA1
e3f082dea14d2acb72ba60f715ca75971bd0b2f9

SHA256
7315da6e9f97e300372d1af42860b68537ebab89ed6325a640e85db17de23f85

SHA512
b4cbf56a0379ce2aec1a58308ad419302fa87c4d110b51d4eb928cdbf3d621cb429a7ba9a4e9abfac74b49d4ebd7cd93c8f5b9df9fe591934513afc77f6d2bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit