hxxps://cdn[.]couponslabs[.]com/px/YWE9MTEzODUwOTUwOSZzZWk9MjUyMjUxNiZ0az1SQ0o5V1BhWU5iWjJIclFaYUo1TCZ0PTEmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=

Analysis

max time kernel
300s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2023, 06:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.couponslabs.com/px/YWE9MTEzODUwOTUwOSZzZWk9MjUyMjUxNiZ0az1SQ0o5V1BhWU5iWjJIclFaYUo1TCZ0PTEmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336185642812950"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 3352	4104	chrome.exe	26
PID 4104 wrote to memory of 3352	4104	chrome.exe	26
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 1396	4104	chrome.exe	88
PID 4104 wrote to memory of 2832	4104	chrome.exe	89
PID 4104 wrote to memory of 2832	4104	chrome.exe	89
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90
PID 4104 wrote to memory of 4092	4104	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn.couponslabs.com/px/YWE9MTEzODUwOTUwOSZzZWk9MjUyMjUxNiZ0az1SQ0o5V1BhWU5iWjJIclFaYUo1TCZ0PTEmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff833d89758,0x7ff833d89768,0x7ff833d89778
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 --field-trial-handle=1864,i,18187167062777233176,13362989678796817694,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ce6cd538d9018c27f53d01ace3e9cb3e

SHA1
1e1046c1b7ac3d5d9ab43d34d608a1651b165ab2

SHA256
0b639ba9deeca829f17cb4dce8ea6b97a3ceda3644e3eb0736fdf96ef961c5fd

SHA512
35fcf23d6525c48b1c43bcfb7d17c4b9d6f337ff64454d8537230537e65dcb165645703f2d3ec960e883bfcbc7da863404d980b4b45ddeaa4024d0f8fa5fb486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
247ac743a2b12e2e9d8a1cd01a0be05b

SHA1
dfee04635c2aa3a2c30f72018e509be9f0f68466

SHA256
73a6c32b6ad16fb39833c1319bae8c3f94e1c911c434c669cb18ddd24486e416

SHA512
5b53da741a0a4532d04ef372871a6076fdbdf31ae68b9bb6adaf7aac486468fd48295c186320eb79bec8c9e582635b9c0e7668dafd3bd5b3b47fc6e498393bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3fcf29ca0690dba3c49b144d761739f

SHA1
b113585be4c5c92074ebe27f16e23abb4b6907d9

SHA256
fb1c2358a98da3da55364ca5721a4953031242865c1824c24ce3fefc60a5cb9d

SHA512
c5f2e8e7ea9a53e2d750a904dae7ee84be5e977f85b4c569d84959098de4c3e82af24904049b937e06cbe35d095761f4141593055467d87fd57985812755bbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
352c51dc9ea93fd6a1191e5876daec47

SHA1
eaae665b74127b7940c3203e17d40aab3103ca21

SHA256
39e40df2e755f81eb68abb82a87f861d9fe3f6282ba4ad9c8b921aed6de9c9f5

SHA512
a99d4a8a2afc8bb9c15f3778a4c3106563fe33f8c35db03e0d9435fb4bb2e5c784f82910d2da0ac073fbdb361bc62587aa6a8b2c96c292dfe1b49fba8b0f43d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
34ec0d4823a37e2f79643a534baf9fcb

SHA1
2ad7f0ed4a8db52df398642ef46d3e6ca119a37c

SHA256
330572bfa8afb04301a9addd8be9ceb5b4dcc0dfe8a08fd4631e3e539652ea86

SHA512
f82a1cb1da8cd11809b767452de90d45a1c312c55b4ed3d2836470ffaf3dbcbfb22ed6296e445324ef718e0998195839a9e0a633d8a8dd93ad1480cd98bfa9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
2d2ccc51013f82b19a1247a09d69eb49

SHA1
f2f8fe54b1058f4d6913b40824880efeb704ae54

SHA256
0bbd1b749a0d541ef6b7c8af15d5e37ffffed6bc7da873eb40cf28baf1aa90e3

SHA512
49b6f56f45a9167c79ed7e758e1813c18232fdde087ac2377a27d65e04edb2cb5e63954e182e986ec1bca1093d4ee1052305ca83613f2084bda715b7e0799c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit