hxxps://yougotagift[.]com/saudi/gifts/barcode/generate/4198477394169/

Analysis

max time kernel
150s
max time network
142s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2023, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://yougotagift.com/saudi/gifts/barcode/generate/4198477394169/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337286684184769"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeCreatePagefilePrivilege	2776	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 4132	2776	chrome.exe	70
PID 2776 wrote to memory of 4132	2776	chrome.exe	70
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 880	2776	chrome.exe	74
PID 2776 wrote to memory of 932	2776	chrome.exe	73
PID 2776 wrote to memory of 932	2776	chrome.exe	73
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72
PID 2776 wrote to memory of 3084	2776	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://yougotagift.com/saudi/gifts/barcode/generate/4198477394169/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe372f9758,0x7ffe372f9768,0x7ffe372f9778
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:2
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 --field-trial-handle=1856,i,942024623702895129,6215167744780707781,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2d4c6c0f0ebb870b7de1afd57fed809

SHA1
e041718fc4d15c0773e298a2069afd2dfe02724d

SHA256
521a59822b9fa1a01889514d32d232ad6e6105fa24ad25bcf25e19b1f52be065

SHA512
b41af7187a74e8cc34673887431c4722ae09dc541558849efa6952c55043d234cdb97cdb5e1174885ed5301e798e4392ff44d20eee763b22d9cbf8532dd919d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cb7ba73d9f81ad13cbe87f56d49aa3c5

SHA1
f1f26da0812b8e8308c25965dfdc47fcde95acac

SHA256
ad8192d59955946446c15a6056124dfcf95cd036029dfd08cc9e8ee04f8e71b9

SHA512
338c536e5682dab249e364c381460513f3428e751b89d3ff37a79e43be8803480571d15c63eac1fac0ca97413732758b845d550d3818d95a1b9c127f6ead1d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
439b624e99ab2394991dc7e4f443fa46

SHA1
6ad06bf60613dd602ad4a43098209e48692cebe2

SHA256
7797de1d98c5b4f1b26d0721aab21f3c5e51782a5e3cb0dd4ecaa40d72f7d208

SHA512
bbf20aff51a5f6da9673ef9d30134d81f248d845cdbf88f6b3a575c4a12d66de55cffbedd89771a5f0f31d9ca93fbb21ff0c6d06e7b9d3b7ddfeca3012e7ffbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5a0f751b5499ad3b42025a4724f3cb2

SHA1
52cf3b764bb9fd5f7b47d52f644547e3fecb262d

SHA256
1be94068878bd2dadc5b2b5ad268bac005c4697d65e663531aa05d3e4c0a104e

SHA512
d7efbec9091039a6044504c8c6e30b4e2a75546738e47cb70222c301c3c708e7bd9e85eac62f70c57439ab73bb2cc67a65d74d8d097d35d8b7c73c250408d3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db4385727026ab154ec2c6f3b51f8004

SHA1
7cc6c4351379f8ea8508961753888859eca3815b

SHA256
ab79d4e47f9af990f9f34d67cc1390b3d39e8054b7db94d2b24bae1c8ccd5750

SHA512
d94821af343a8f113b32ff14022e7031e36cf07535196899df45bea13e66856175c4453948a5e03ebe3a5f6da9348bf43f42d52c6dfedc9f601d5fc4d04f83ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
3e0c8e7e54e2fb214561701265802ecc

SHA1
d68332dcdd636930860e6315d07155f3e73dc00e

SHA256
6ebd9c4de058e33c408649fc51c86d7979187036340b6b3bb944202e80850ff3

SHA512
ec1e8e89224b46caeda9395720c10b81c8721f387827e26255fe97611855dd9adf7af6ca79ce9029ad3d0f80cc16fa63ef236929b7eb4b320f920bc441674a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
093365ebe428d27ceadf4ef2bc2028ae

SHA1
b6453ec32deda6d61143857e68cd5657b19f4af0

SHA256
3bbb525b35219d9db2be0404bd090fe76b267370b2f01fc1c359f8b359c1e4a8

SHA512
c65111b4ae535ae92670248dc299d1997d523d462822364e6ca8b5cb7d65802905c72c458b0803d1b85e9d6b559072cea8ab5292ffc347367f0227cf5da755b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit