Analysis
max time kernel: 150s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-07-2023 17:39
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://hit.teratracker.com/
Resource: win10v2004-20230703-en
General
Target: http://hit.teratracker.com/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                      Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332251687725128"  chrome.exe
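The TraceTimeLast value above is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC), so it can be checked against the report's own submission timestamp before anyone reads a meaning into it. The script below is an added example, not part of the sandbox report: it pulls the integer out of the IoC row, decodes it, and returns the offset from the submission time. It assumes the report's "submitted" field is in UTC, which the page does not state; every signature in this report fires on chrome.exe, the browser the sandbox itself launched, and the decoded value landing inside the analysis window is consistent with that.

```python
# Added example (not part of the sandbox report): decode the FILETIME stored in the
# TPM\Telemetry\TraceTimeLast IoC and compare it with the report's submission time.
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the IoC row and the "submitted" header copied from the report.
IOC_LINE = (
    r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry'
    r'\TraceTimeLast = "133332251687725128" chrome.exe'
)
SUBMITTED = "07-07-2023 17:39"  # DD-MM-YYYY HH:MM; assumed to be UTC (the report does not say)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Windows FILETIME: count of 100 ns intervals since 1601-01-01 00:00 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def extract_trace_time(ioc_line: str) -> int:
    """Pull the integer out of a 'Set value (int) ...TraceTimeLast = "N"' IoC row."""
    m = re.search(r'TraceTimeLast = "(\d+)"', ioc_line)
    if not m:
        raise ValueError("no TraceTimeLast value in IoC line")
    return int(m.group(1))


def seconds_from_submission(ioc_line: str, submitted: str) -> float:
    """Signed distance in seconds between the decoded value and the submission time.

    A value far outside the analysis window (see 'max time kernel') would mean the
    number is not a timestamp written during this run and deserves a closer look.
    """
    decoded = filetime_to_datetime(extract_trace_time(ioc_line))
    submitted_dt = datetime.strptime(submitted, "%d-%m-%Y %H:%M").replace(tzinfo=timezone.utc)
    return (decoded - submitted_dt).total_seconds()


if __name__ == "__main__":
    when = filetime_to_datetime(extract_trace_time(IOC_LINE))
    delta = seconds_from_submission(IOC_LINE, SUBMITTED)
    print(f"TraceTimeLast decodes to {when.isoformat()} ({delta:+.1f}s from submission)")
```

The same decoder applies to any registry IoC in a sandbox report whose value is a 17- or 18-digit integer; such values are almost always FILETIMEs rather than counters.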
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
1736  chrome.exe
1736  chrome.exe
2056  chrome.exe
2056  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid   Process
1736  chrome.exe
1736  chrome.exe
1736  chrome.exe
1736  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        1736  chrome.exe
Token: SeCreatePagefilePrivilege  1736  chrome.exe
(the two rows above alternate through all 64 IoCs; every entry is pid 1736 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
1736  chrome.exe
(all 26 IoCs are this same row)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1736  chrome.exe
(all 24 IoCs are this same row)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 1736 wrote to memory of 4260  1736  chrome.exe  82
PID 1736 wrote to memory of 4000  1736  chrome.exe  85
PID 1736 wrote to memory of 4084  1736  chrome.exe  86
PID 1736 wrote to memory of 952   1736  chrome.exe  87
(the 64 IoCs are repeats of these four rows: two each for targets 4260 and 4084, the remainder for targets 4000 and 952; the targets are the crashpad handler, GPU process, network service and storage service children listed under Processes)
Processes
(indentation shows parent/child; top-level entries were launched by the sandbox)

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://hit.teratracker.com/
  PID: 1736
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff734e9758,0x7fff734e9768,0x7fff734e9778
      PID: 4260

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:2
      PID: 4000

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:8
      PID: 4084

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:8
      PID: 952

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:1
      PID: 3188

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:1
      PID: 4660

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:1
      PID: 4868

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:8
      PID: 4584

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:8
      PID: 5080

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:1
      PID: 3500

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3912 --field-trial-handle=1848,i,12371951623544258305,4032669111891352259,131072 /prefetch:2
      PID: 2056
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2056
Network
MITRE ATT&CK Enterprise v6
Downloads
(only the first entry carries a path in the report; the others are listed by size and digests alone)

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\27fccfa2-285a-431a-9291-36e2a74b5dad.tmp
Filesize: 6KB
MD5: b9450d1d0e41052fe421872920aaab9d
SHA1: 31793a2269d179987ae77adfd9ebfe4fb9c3c464
SHA256: a701bec829f23b207980e404b142d3439c66f2e65add574a5e20ac5d7e7fa60f
SHA512: 23ce98aa8876841c006b524ff76d8d2f569c5e968f72b8417ec0985bdee63e7a9334b77ef14cc3431b1419472e522ab5d4a3781ca8f3aa40b1cbfecf552bc797
-
Filesize: 2KB
MD5: 9c1103b31082da86f755fc5064758731
SHA1: 3687c5b869894ba5660730c10e80307cb7f390a0
SHA256: 4a088ffd5b947fde479e37914931a9301c07469c594a62604b08366a361fe9d6
SHA512: c554c07ee8feddcd22e165d9b02839757866b7b0428cabeb3333add86ccd99de59f62b6b3997dfa8d6d6b45515502002083073e0f28ad9eeb42c76a8110fa0f2
-
Filesize: 2KB
MD5: 207e3707dda2a19e564effdb0cd65761
SHA1: 645e54af491d84bda46a7a58b5704e24b85176cf
SHA256: a074bc8c45b26c2ca5abf087adbdd7ce39f1ab92d4f5d82b3f43e4c85121d50e
SHA512: 7d9c5e24b5cc14c7daacf666049d760e98fb5a2dad43eece58d0311db72e3c3a0f276aeb298063fd6f1f73fa1e30c1ff77f15d1c1c1b385c25ac3c606dae63d2
-
Filesize: 539B
MD5: 90fea6ac5e0b39780e921f53fcee7d2a
SHA1: 899991d2a369ef91c5e2327f2b17d51287d368a4
SHA256: 74fb6644c02915f715e621087c189fb298fbc20bc4fc27f08f1c4f0927bb1613
SHA512: c71ae638c114ac528f1ee8c2c9c12d2a52e48f450c04d0ca3b93f938f30ab51824c61a7905a435aadc8ec08625cd05d5f784b429cb0f0f2c3d5fdd65977485a2
-
Filesize: 5KB
MD5: 59b598307e277a50cc7eb76d45eb7218
SHA1: 31de5ecae8dbabb353fd3912cb92a37b24175eb3
SHA256: aad6b256a5c9388c4639246167c8672ff1d9db3348f1aa94c93804bed40fc6f4
SHA512: 70d01863e6333018ffbed3bc0a0fc0493a3800fe94675a84b2d73dc93a2acb5531c990a0c9d2bcd6e00125dcab9a6115fd77b89957a4185f1aa96fa50c8fc2a6
-
Filesize: 5KB
MD5: b3654eff0129be4393fa218acf8e33b3
SHA1: b6b87359f1dc15b97c53ddbe49c512ce054d639e
SHA256: cd8d33980e848c801fc1d805b92ca1fbb29696e8092ab2001bb238b366baeef6
SHA512: dfae56198439d528083d5a57cfd6f36e7fccbc1e2c3b121b4ca11b6dd45afdab84d8a8f1650c4173537cce3082e1a48f80a0cb2304578621dc2da7725890ef5a
-
Filesize: 172KB
MD5: 8510b4e3a9c9674ad8a84646376bf75d
SHA1: 741b7d092174b1c44a56ee6604385c8bdbef3458
SHA256: 851e817b3fa42f061c7b0e431b97acbd754d898282da2fa8ca9f1c8f5a900598
SHA512: 303ada9058df148f17004b0d28cd753dde3b434bb868923d3682619e569c39e5a90f9b55dcf00aa5425a7c05feceb89ed41bf92a4e18f5e0585f221730f93000
-
Filesize: 172KB
MD5: bcb3f49b74a0b74d0b1786ce39b04d67
SHA1: 0815ddbbb7a96d628186de486a65caf867228f0b
SHA256: 9ddeb1ac5b9647bdd32fab50cb3132d20389c31e09b8a878515398efac7f7a4b
SHA512: 1e0c66f4b24c64bfc0afe27d7d4bc4a0436b082bc63f0087c0c3e8c490d461fedac8f07fece8f63d23e4c1285ab32c44b65c65516f8a12fa8aaa5b05510e110c
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
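Most of the entries above have no filename, but a very small file can often be identified from its digests alone by hashing plausible contents and comparing. The script below is an added example, not part of the report or of the sandbox's tooling: it takes the 2 B entry as copied from the table and tests it against a constructed, hypothetical list of tiny files a Chrome profile commonly contains. The candidate list and labels are assumptions; the digests of the report entry are the page's own.

```python
# Added example (not part of the sandbox report): identify a tiny download entry by
# recomputing digests of candidate contents and comparing with the hashes reported.
import hashlib
from typing import Optional

# Constructed input: the 2 B entry as listed in the Downloads table above.
TWO_BYTE_ENTRY = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
}

# Hypothetical candidates (assumed, not from the report): contents that small
# browser-profile files frequently have.
CANDIDATES = {
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "CRLF": b"\r\n",
    "empty file": b"",
}


def digests(data: bytes) -> dict:
    """Size plus the three digests the report lists that we compare on."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def entry_matches(entry: dict, data: bytes) -> bool:
    """True only if every field present in the entry agrees with the candidate bytes.

    Comparing on all available digests at once rules out a coincidental MD5 hit.
    """
    computed = digests(data)
    return all(str(computed[key]).lower() == str(value).lower() for key, value in entry.items())


def identify(entry: dict, candidates: dict) -> Optional[str]:
    """Return the label of the first candidate whose bytes reproduce the entry, else None."""
    for label, data in candidates.items():
        if entry_matches(entry, data):
            return label
    return None


if __name__ == "__main__":
    print(identify(TWO_BYTE_ENTRY, CANDIDATES) or "no candidate matched")
```

A 2 B file whose digests match "{}" is an empty JSON object, a routine artifact of a fresh Chrome profile rather than content fetched from the target; the larger entries cannot be resolved this way and would need the sandbox's file download to inspect.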