Analysis

max time kernel: 599s
max time network: 591s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 12-07-2023 18:20
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://sparta.rpc.org/wordpress/[email protected]
Resource: win10-20230703-en

General

Target: http://sparta.rpc.org/wordpress/[email protected]

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336596630037672" | chrome.exe
Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid | Process
3356 | chrome.exe (3 entries)
3716 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
3356 | chrome.exe (5 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3356 | chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 3356 | chrome.exe (32 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3356 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3356 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3356 wrote to memory of 3704 | 3356 | chrome.exe | 70 (2 entries)
PID 3356 wrote to memory of 4540 | 3356 | chrome.exe | 73 (38 entries)
PID 3356 wrote to memory of 960 | 3356 | chrome.exe | 72 (2 entries)
PID 3356 wrote to memory of 4952 | 3356 | chrome.exe | 74 (22 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3356)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://sparta.rpc.org/wordpress/[email protected]
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3704)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdf8719758,0x7ffdf8719768,0x7ffdf8719778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 960)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4540)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4952)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3068)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2636 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3648)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2628 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4832)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2632)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3076 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3484)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4740 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4000)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 768)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3716)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4448 --field-trial-handle=1792,i,9675748179066887823,5104241547073123439,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4100)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 336B
MD5: a957618144a30bb8a47975942201c20e
SHA1: 7755b2e1d7b98a16ec0a3ca088f3631a7589cdee
SHA256: b768dc24899940fee37f4f9593694f9a53da383d1bfc0e1381eeddb7f2208d07
SHA512: 791a5aeab5f8549b3f7cc98fba469369bcb466ffa8e3f47d54433034e624d7518237c1c02fd90f8d3d5e972b7881403daf9db9e5fa2423107a9ffebb3bd7f7e2

Filesize: 3KB
MD5: 4d48a8c786311a9771432002cea466e8
SHA1: 772e83ce9d23b6a2ed644de359851e27123b9b37
SHA256: 68e70ce0cb9ac842ae10088d161ad418bde8db4e227bed1a73f57f75d4dc2346
SHA512: e74615ffcf9a18b6210a09d02d913700649ccbf9289f3f41a745e95f67bb4397b6b0f86c18d2c49267417af29c3e98f6be47de4f08dececdfd64addb6d997fca

Filesize: 2KB
MD5: ca78e08f7abee5d063b9a77fbdd75588
SHA1: aed1cadc540fe740c9db2d0aafe209a862f7321f
SHA256: 2061f27e235e261b0d6864ff3b379dad1f99d411cb56990c897e816af7d9be1c
SHA512: 2dccf299f5060c0bd54bfe45f689c34bc2a58a040ebfb0616e738ea7948781a52776ac83459291869706c2cfa15810844fa8d1c4a534b623d947799b43c6cfd6

Filesize: 5KB
MD5: 75da799afe8459cebccbb4e0379611b3
SHA1: 5b409eb7d09bb95450ff12eb1d9f7c9fac0f5a6e
SHA256: 4dca078bc6cb305e64d7e83210585f3e00e24c5b4ebdb0df54bc40b2d41776cc
SHA512: b0339ac6a1aa3c589698202c6d18b697db7cd3d5a712dff9e2a021402aae2293bfbe058e1c9feb3e6008477ea296d20d83623d798425486e27ec4bd0ee8ef322

Filesize: 5KB
MD5: 1f810a9ca8b86ccd26a9e90f95461cac
SHA1: c30caa6e36bae76506531c8d1ecb1e3d997ab6d5
SHA256: 52b34dda93543ce7ab627b18ada7f12e9751fb38cffe4b2e508e51dbcc580fa8
SHA512: cef7566d96c248e8766e5c992ea59e1a6bf7f521bf1910c84c419afada87ce3bb07443c6ed03c29b8309d7fbd41facc8bd5da9aa4de2c00cd460fad5a943a1f7

Filesize: 6KB
MD5: 37f92abe72cc7a452297792f405b077c
SHA1: 0fa6152bd9e2a5840e530da83bf8398781eff201
SHA256: 9a007e4430846dc274148c62833a76acfd1e5b6144fd39e237a1f709e4e925af
SHA512: 6a0f814293c1408ecbfafb60c5ac6ec327ea1ac198a6c2fa64c2be279a37aeb545219a175fae3c4323e8e1be89a8195b897f69cf7cd2ac2443cd3ef9036c5244

Filesize: 173KB
MD5: 1dc0c97f2ae6ae447e6e965f509d3642
SHA1: cf44c9c7360f4b168c77b2b5a45ba76fb92154fb
SHA256: 1711c941b2073f9859b75017ea24149a8776888a14f9cd7ce7641f9bad123c10
SHA512: f23f8a3eab63c897824e909cea92ed9cd931feaedbe8ba5ddd7b5e58a7b0c99c62a76e6d42922b728260df5cf82337e3c381504c14c0cd0a8dd15e8f7c0c596f

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd