hxxps://secure[.]adnxs[.]com

Analysis

max time kernel
112s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.adnxs.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337045773767751"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe
Token: SeShutdownPrivilege	3556	chrome.exe
Token: SeCreatePagefilePrivilege	3556	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe
3556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 3148	3556	chrome.exe	86
PID 3556 wrote to memory of 3148	3556	chrome.exe	86
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 3928	3556	chrome.exe	88
PID 3556 wrote to memory of 4808	3556	chrome.exe	89
PID 3556 wrote to memory of 4808	3556	chrome.exe	89
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90
PID 3556 wrote to memory of 4524	3556	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://secure.adnxs.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeeac29758,0x7ffeeac29768,0x7ffeeac29778
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5124 --field-trial-handle=1828,i,17889547868418538012,14805226457494652542,131072 /prefetch:1
  2⤵
  PID:1840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
cd8e4abb586110c9621d392ae64c97af

SHA1
f2aa072fb17792c047c22d3579cce510ebeb16fb

SHA256
c3b47c971bf37f572a93c59cc53b601184e14e6d6a935cc5e7eac192e0bfe597

SHA512
cf29dbe4b05105cc959237b4ccbbff0a7bbbd283ee3cd16d1d849b5a37eae3d43586ed998a3769e0d405af4928ff0929d8a4c198132ad08834c51b0d61e48593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e03e02f3cbdc4deae60d00cf1203dd9b

SHA1
3edc33139f194f77359411830948549883df0e84

SHA256
6d6a3f261922b527b83c71260975927a5329c3eaf854bbd65cc63c8a5f877205

SHA512
4f21a934541b8d74c80743e0831d6b6a5da5051d7095334d762392a0ac0ddb3924428de64c4f3166cb001e7b09bdfaf3dbb76ab8e2955a338ddb3880b8d7a5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
54d9389b3bbc0143f156a8bf527358f7

SHA1
1fd6cc782ea607e90b05c91e71e9100a01986d7c

SHA256
c99bf637aeffdfdc3fc581bb7cbfe64c5d806cd499a2a6a3085d0fe29f229e01

SHA512
d19d58080f5cfd80fea399518251c18e344764c738ef7d7e9a956319593ff538707455ce5dd5bd2afdd9fef97af2872a57eb114ee5f3519e7052b9b9a5861281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0cec9d27ac71099d47a2296c75cb49e2

SHA1
2d28b4a620b20c7cd778ddaac56f575830784747

SHA256
827bdb735469b1e04e0fd36c0aebbadd9b3996ebfaf38569b5a07ec4741253a8

SHA512
a85fb1a0755e771d6ec49fa338f3c4ee2b1ced7acb1755657741f71c7c5a92e3dd45e79c1f8d9bdcd1c171ec039d14a119456cb16c1a420ba74357523c28c15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ec715cbc17624c0633dc2af36947bc1e

SHA1
75731dd25886b4ef7a55bf9fb0c8385ec56866ff

SHA256
c0b2ec2bed77a3b41413c31313decfc93c9dd014319dd51baddb3553dafbeac4

SHA512
a59eebe903805d6a08886a5e8c15ed520b7f04fa654943fd0e88e90f26ce1222248200ab507cceef0db252287d5bded1efd8de50150ea3bce84cb3b635fd22a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d61dc3f583de40fb70e453f281336a98

SHA1
7386bf4c94f6c6a2740cbe6945c0129a3a0737da

SHA256
e8faa5d6cc0fafe471286b785166cafa6a0552c6f3d5aa7a316ec5d5febc8450

SHA512
8e21f1cc7a031548169840b6015dcaa915f4000ac1157ef43607c83e69c1f532c36b1f175de4bde79825e61239f5ac507b58942a81d85f58c72ae37dc4a1356a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f70de6d7bcac26c6b928e6227c85e307

SHA1
7bc54fa6411381d9f076286f99c6832196d35741

SHA256
d4eac0447c68ebc17df613aa29c7fd03a4a578bd66656e237c0c4a7560a7077b

SHA512
23e87652c25f811b57846e8a89f1b4b700dab765559734f27a792868d3cd027c0f451ac9d411b905fe9ffe73c48fb427de5fd64d5f8de72302e751d2662d03d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8fdc26fdc994a651c4c68df1eafbc8c0

SHA1
f1b5d3b890c655750cab2df8c777a74b86acb31c

SHA256
8cf24edfd8f260ac732e590a6cfd787fe8d0783ac46aa55c80b01ce0b800a230

SHA512
0feb368a66e832c1d89c399659eaa4092f162aaeacd040969739f8173dd6c3138c219a8df2a34853f8959183b907bc51b9874bdc0fc9cdcefaef0608f9539af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d9d2aa45d042e0136b6a780c57ffd69f

SHA1
253e7d919e7ddb95c2ee67e7a60279ff9b3b17e3

SHA256
04f5debf8789ad9c3371ab6475588efae302f394ebe54bb1b849653258ac1287

SHA512
640c4d7b70155b8d5ac9d4b5a0f430722f340b5b4d27671199a4206b16770250f2c76612dacb735acab4233a939044cab2b75c8e1bded68abb4772fad4ab847c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit