hxxps://greasyfork[.]org/scripts/402064-soldby-reveal-sellers-on-amazon/code/SoldBy%20-%20Reveal%20Sellers%20on%20Amazon[.]user[.]js

Analysis

max time kernel
98s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://greasyfork.org/scripts/402064-soldby-reveal-sellers-on-amazon/code/SoldBy%20-%20Reveal%20Sellers%20on%20Amazon.user.js

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331983724757821"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 3184	2376	chrome.exe	89
PID 2376 wrote to memory of 3184	2376	chrome.exe	89
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 224	2376	chrome.exe	91
PID 2376 wrote to memory of 4776	2376	chrome.exe	90
PID 2376 wrote to memory of 4776	2376	chrome.exe	90
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92
PID 2376 wrote to memory of 3748	2376	chrome.exe	92

C:\Windows\system32\wscript.exe
wscript.exe https://greasyfork.org/scripts/402064-soldby-reveal-sellers-on-amazon/code/SoldBy%20-%20Reveal%20Sellers%20on%20Amazon.user.js
1⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f6399758,0x7ff9f6399768,0x7ff9f6399778
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:2
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3828 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5392 --field-trial-handle=1912,i,11338720861828959241,12605588701893472713,131072 /prefetch:1
  2⤵
  PID:2140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cc4efe9778f87c9694ffc7b80c6702ce

SHA1
f77c45e0df9124b168ced8899a176793d0207726

SHA256
3ea716514f13ff4194a27a88b0b44b9fc692913ccb9e88c00cc8ff48136bb0d1

SHA512
0fe80dae1891dd87f98e5f1e82b563133f6634ae2999a566576bd773ef9181cbab34ef00b969a4af1abaac4c9bd65a966305ad23056815699c220274c0f8e16a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7ee1c476d776aea95d345a5c5bfcf24c

SHA1
a9dbd7db5af53164fdc573abc1ff09ba382d72fa

SHA256
8b92ca97e4bc889771c24134db51b29ac4efe1bb893171e21bb2f6aff8e4ec01

SHA512
16e33b5ab3c1661e0a6fe5bd17da422c806d34dd4b11e7f4a75aa9f010429d321de0585d5b486a3587d15800debbd950981c80eb3a2b46c198ef5d551e27f64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f7a17f562a1b396db69431ab31efe157

SHA1
4b9650b77afdb1063753b2710b84467298d2fec2

SHA256
e8c83a7b1855896413aeb7c19fb8e16894f387d2d33e4490006a69c5f0e5c541

SHA512
e3fe7381703bc9ef99d6b3cd7a54953913fba9dd84fef0b32c2ad1c66aeeedcd32e5f039295b6c1d443d9f0a3be9f0e3e971596fbea6bc7e424e50a6b7fd0eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
577b89529ad855d3d4c2978a05f754b5

SHA1
d527ec69b89abd72724ba90e9ae9c1668d19a545

SHA256
85346e261a39417fa6c580bc82b7d77d17f1c12389633cc481b4659db57982c3

SHA512
aa9ff11d1e204eb36b25c080ab0e2dfcf8f3497b78549a3cc18d99fd340e832dd217d5af301dec595157e96d0124de39aaba74d9262193f38200023567e120b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
9a75411b7c0a5ff099b07abd52eda9df

SHA1
341a28fdbd6540056bb5b8119434754708fd6267

SHA256
722b3a2225dcd83e2ae0bf8c2467b3af7343a72b303c4420444ec4d07ac9d1f2

SHA512
d897e6c8dd7f4fe52959aabb6833f1a274ce9f7ba786bb78a632edc77a4f85f744a3e4f0aa7060b59da9e6c1a9e454ac7d3dff0416dce30a08c74b93b9061f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit