Analysis
- max time kernel: 299s
- max time network: 298s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-07-2023 08:32
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: http://teads.tv
  - Resource: win10v2004-20230703-en
General
- Target: http://teads.tv
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337107415590559" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  4992 | chrome.exe
  4992 | chrome.exe
  3280 | chrome.exe
  3280 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  4992 | chrome.exe
  4992 | chrome.exe
  4992 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs; the 64 entries alternate between the two tokens below, all from the same process)
  description | pid | Process
  Token: SeShutdownPrivilege | 4992 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4992 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs; all 26 entries are the row below)
  pid | Process
  4992 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs; all 24 entries are the row below)
  pid | Process
  4992 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs; every entry has PID 4992 chrome.exe as the writer, and the entries repeat the four distinct target rows below)
  description | pid | Process | procid_target
  PID 4992 wrote to memory of 836 | 4992 | chrome.exe | 39
  PID 4992 wrote to memory of 1596 | 4992 | chrome.exe | 87
  PID 4992 wrote to memory of 808 | 4992 | chrome.exe | 88
  PID 4992 wrote to memory of 1608 | 4992 | chrome.exe | 89
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4992, tree depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://teads.tv
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Processes at tree depth 2 (under PID 4992):
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff929419758,0x7ff929419768,0x7ff929419778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 808)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4164)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4500)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4724)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3852 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3280)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 --field-trial-handle=1892,i,15669480207114449310,11318956499271474846,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 956, tree depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\AUDIODG.EXE (PID 2752, tree depth 1)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x494 0x2c8
Network
MITRE ATT&CK Enterprise v6
Downloads