hxxps://www[.]iamsouthcentral[.]org/

Analysis

max time kernel
600s
max time network
489s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.iamsouthcentral.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133335904869948192"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3584	4576	chrome.exe	84
PID 4576 wrote to memory of 3584	4576	chrome.exe	84
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 2668	4576	chrome.exe	86
PID 4576 wrote to memory of 1008	4576	chrome.exe	87
PID 4576 wrote to memory of 1008	4576	chrome.exe	87
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90
PID 4576 wrote to memory of 1612	4576	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.iamsouthcentral.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ea49758,0x7ff94ea49768,0x7ff94ea49778
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=912 --field-trial-handle=1916,i,15259249900906623257,8652758121120984040,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
337d00aa21728261294bba59481d3228

SHA1
bea0db39f34ca92693da95681a08dce95e90e14a

SHA256
b253a510fae13622960cb57325210d2162f855d3cd8f8fc7e3b49e9f20d2e3c9

SHA512
c044920bc51fddc0a3d19ab2034167e71c9b3999041721b74d96257aa2011e2f95d75b46fa7cd672d197a1d3521b7a400cd3e71d7102b1e19f0bdc0d1295adf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dbe7d8480b144c966e5102279e69f2e5

SHA1
698f69e69bf076b9973f765859d969d18c609bd6

SHA256
8507bb40600a03bb8da94189c938a55cbdd5e0718cc1f59ba25233471e4f6af6

SHA512
764da9112bbfe049f00bdbfd539797a0fbb0e051b3d8a6d345b32b62a82782b9c0d35d9477ac850a4ceb3df2f88fbb13c026340d31478fe0703d5e36e68db94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
c99442202cc2b5bf797b7a9dbe66d9da

SHA1
cd13717d60429b036945d7130048293b5496039c

SHA256
b89d387d548754f89d8452578247baee226ae17ff359e5d81f1064c0ddaa8116

SHA512
7b5a8cc47928594585880c37509f17b46820797d38fe82d0405e4b0edefe56b8abf08d4f21afab4bece9cf02bb25e3c6d0784d79dd787cdac048888746497898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f829ad5cf3c07a3cb15cff92dcccb87

SHA1
e3a1c8e2c2dcec6bf0a94d04ca8515d8f9cef831

SHA256
2bf63fe30da595bb94558998a7b39b8d5f999d312e301d96a2463f2afdb303f1

SHA512
881975b23ba75acc0e2589e9802404d91b98c88526b2cb57d0d872c0445f16f4aa86f394716d907e493b0b50e751444d13a9a0115a54a9c4f60726a468bdc822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0950ac2106c72b4a3a54bc4bd00ffd8a

SHA1
1a72818ec96b0c7956a95a4a2ecba700d377f500

SHA256
99433615e57f6cf848688f9aee9205009dd5469f2aa582fda7cd8898d661a51a

SHA512
b9bf92ff325bbc84fbe583054e4eda5cb3b2bfd3d60cc88382fd1d3b475759f614b84a4e5746aea8a41d744310bd7ab40f3ff59acebf448d2a6fadc0765d4072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8ebcfb88f315b8a7ed4dd99afeb1c0c4

SHA1
84b303994869d7a53ba44189a6ade6822a8e1b01

SHA256
0674eeb693265c49c04d98b3a27d435dae362a166c99fad117cd36763ac2d69a

SHA512
c75bdfc30f7c811f488630c40a494c7898800147a313a0ea33a12df46ac13402fd539dacea46a7969ab852cd8f41afd61391063e5300446453973c7605810d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
a526c424fb4c6e02a968d076d3078881

SHA1
15b02c9fcad5e6e7fa5f42bec41aa43a7c5aa156

SHA256
1734beb0c4e043cb89bf0b3bc87101926690ca0fa4e3671263576ef39850483c

SHA512
226849b4ce36da23c56311b8ec26a7b5ba0b8105b194bd9bba2a99e8c6560dcf45cce078ab7196ad42d14c59da33b35a4195c6fa56c5d91a7e6db6783e9c633a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit