hxxp://stonkstime[.]com

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://stonkstime.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331948983681234"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
388	chrome.exe
388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 4712	388	chrome.exe	84
PID 388 wrote to memory of 4712	388	chrome.exe	84
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 3812	388	chrome.exe	86
PID 388 wrote to memory of 1336	388	chrome.exe	87
PID 388 wrote to memory of 1336	388	chrome.exe	87
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88
PID 388 wrote to memory of 964	388	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://stonkstime.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ca79758,0x7ff93ca79768,0x7ff93ca79778
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 --field-trial-handle=1808,i,12922985725498309755,7922110408435053955,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29d95e9b819228babcc72c57bf6d61f6

SHA1
8c659a5148a5f81a6d4d46aec148bb6cd76387ad

SHA256
468d4308fda9c6ac9c0e0fb37a227cb7b40c1f5eebf5d2bca98abaaf83e1e2d0

SHA512
5754e5483e3c3e4845209d4c56dca20398312479644593bc3db690a1c088c14db0cd9d61557d547c087bdce6470e5ae14f8a6f637b44670751b79935ccf84f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
592b27fcab2f7ae7dbced64a92c56b55

SHA1
f7ac794dc32edf3a195b985d67b152e14c6f9bea

SHA256
40539b791e75925a8ca1f3e739cd5097304f3703e36bf72c048c290f9e84ed73

SHA512
ab546f5767fe200c12945860e168dd942b5288dc81fbe1125364df26ecee703240d8fd31fb08e0f4f21d200437f57ae4638c8de0dec6c7c65df0f614e7c26f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db5b6666662fe2f8cd51bb2e4ad786e3

SHA1
55b4abd0a4a9cf2c5c865ac0c6266a995c51d93a

SHA256
033a9fc5a3a7d0c5e50f11bdf79be16ab05aff729b7336df6b7e1e6433db1a95

SHA512
33da1304fda30f9f8190ddcfcf9d07c0d00854ee2716e0c3cedde481e79f6abb06ebf677bf42e1ec91929f15951eec9a48c6fb1638b77776c1e855e9f8c139d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
9f1ad894bd129528c094d476b4429fcb

SHA1
3b832c203638f7e983cfe73545280e50a727e951

SHA256
0e51244dc7b2f27e50b26dbb48c850361cadf8f6f5097271e75cac3c0f221e46

SHA512
295077aa818eb0da32391c066017677c82a03c44faf6dd08fb8462657d03c384dc1b198ea73bd633ea44931b9f7982d61581843a3ed495f407a4804bc4c5e7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit