hxxps://7granddadpgn[.]github[.]io/

Analysis

max time kernel
16s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://7granddadpgn.github.io/

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 4420	1680	chrome.exe	83
PID 1680 wrote to memory of 4420	1680	chrome.exe	83
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 1976	1680	chrome.exe	85
PID 1680 wrote to memory of 2520	1680	chrome.exe	86
PID 1680 wrote to memory of 2520	1680	chrome.exe	86
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87
PID 1680 wrote to memory of 4540	1680	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://7granddadpgn.github.io/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0b699758,0x7ffa0b699768,0x7ffa0b699778
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4804 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4688 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1936,i,14713942532874472703,6330165020223078506,131072 /prefetch:8
  2⤵
  PID:1912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
9ce0c015d6af75e745933bd4599a83f0

SHA1
dfc4727d4a80020c317d0c2b891ac2d4c68a7a56

SHA256
8645e541d9633ba4f64f2ec9ce207603047b6efd2b888aa22438b8fe174cb559

SHA512
c383572ddcd682a68207539a408b868d5415ad7da245836029fc985a4c8c8e934b8b3b06d6a2005c81009f226d33b16fb9f167acf546d9c70ef5852e379f476b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14d4b402176b4db4cf7e8fb94f77dbda

SHA1
f8a3901be895e91a31882f31585dc440b3e7d947

SHA256
d12f5aa6ef7f2d99308094219865074e5da4316161afd228c9d67ec6aa7ae4ce

SHA512
8d168dd59a5cf7999a2d35dcfe1276dc33dff773e2e71677d43745e67a11057db71e3493cf1542e75adb0328a0e0d6e87e2cead402d182216a02b83276f25a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
6543c55158f488184b6d3e66ee08736b

SHA1
516fe5c064d30d5ba8c904557105f05ed07f23e4

SHA256
fea9f883e13868f898ea71ad8abc53929b5dbb36ba23b5b9c3882c10b9565e58

SHA512
8508210ff8fe9bbe6aa2d746b4c915bb77f3e645a3b54549e5231d54202c5db17832236064754b2f64020dfb635e5ffaf4dfa5821506dc02d17910bfc7124dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
a4543bf450bd57201ee57a121ee37567

SHA1
b541c23438518f96d3d6f1ed115bc94e06dee8ec

SHA256
481e9d05665876a50d16ed8d70343e077dd0d7c83fe7a88bc0df33f350a800d2

SHA512
b9a2c9aacc4b210e5a2fcea49e8d95bf6d99f0aeee31a605b21337f1a214df36888db0e35d051f119e39ccdcbf62abc03f3f522d53199ec1317f6925f368b27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit