hxxps://vijayawadamart[.]com/x2sx[.]php

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2023 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vijayawadamart.com/x2sx.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337404640027180"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
1132	chrome.exe
1132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeCreatePagefilePrivilege	2392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 3744	2392	chrome.exe	82
PID 2392 wrote to memory of 3744	2392	chrome.exe	82
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 2208	2392	chrome.exe	88
PID 2392 wrote to memory of 3640	2392	chrome.exe	89
PID 2392 wrote to memory of 3640	2392	chrome.exe	89
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90
PID 2392 wrote to memory of 3176	2392	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vijayawadamart.com/x2sx.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c529758,0x7ff93c529768,0x7ff93c529778
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=968 --field-trial-handle=1824,i,5069634515586405375,3965180216572966741,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2412

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5d5d4db2ea71890b6f060c6ccb703fb6

SHA1
6c9ee77ec3bafe1624c7d8a905b1ca13e707fddd

SHA256
c3db5cffab135e1dfcdc6fbfc7ec26896bcfa3e5e1f0c79884611ea254119468

SHA512
abb354d34fde1a69790796c6e73c71d4b22a516df2be2db27f7fde310a362f9090dba33a3dee9a6647e3096ecd903ab09e54b5228bdd1b4b078b6f66ea2d3936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8cfd5ba40ba855dec2c6dad5a8ce48d7

SHA1
e787e0432d94c6b47d590378e9a3af6fba5bb6ab

SHA256
e1eecd21430962e29de0f5240fd43557f37def5b30632b8a16001b40b855c4dc

SHA512
daf92c36e2dab5b35820b640a5d15032778717ea18b2fe699eb7fbf397893f8f043fc0e03fff8375f97684d5d57cadbb0e0c759878003a881a9150a187a42a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f7ec4dff4513c2749c33108b2faedb5b

SHA1
545e37ae157a0db837c040de88e2ba5589be7301

SHA256
b2194545f93722a1d9efd75d0dd040f03feae14e578e8681a00a4211fd033554

SHA512
167fda88ec4f668c87165d9484a59d276ff6bb6ff9eccacfb608734b115084131c19c2a46e530d82075040c7a39b71ed744cfff80b4a3cfc706207aef8d0c4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cc1bfd398725567407812955d2260784

SHA1
92f1a2941157fbbdb4b5dd892722a867bd516769

SHA256
50449836f090b698eb71b10ce8703e9151ff01fd37d782f34521b6bf957b56fe

SHA512
70eec71e6fb7c8506e25fe2a5c51ccffb2fc67b34e7fe737c0156da6ed5c7c97ac0fdcc71bb75483fb6c59379992f710c249aa9893361c142cb50b64bc562c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4eb9678385a2709e76b7fd0529217e86

SHA1
fc807a00f5140d2b3c243065a07b1716411846f4

SHA256
3dff6a58ff898a370179901ed25694fe496143e0ad281268d6bbe155ce511f08

SHA512
d7e282f1a754034bf0894f58803087d59ff56d40ce82f5cd10a174e909bd38357ea4467944606dc92acca004b3fa489eff4b16dcb51d46006acbc45581355514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e121e5e7793eace2747674be5a4b7404

SHA1
7d8a1af6e11a53eddf71d5772cf14ba0b2d056d7

SHA256
f71561009aa7e1688ec5d6eebbb2785000f076ef3b74ac8ba4f235ace1c6d55b

SHA512
3b0e6431d29acf5169e1a686876e1e69375741c2bd687fd862a059db9fe7f11df9c34b3f4357bb27f2eeff0177cc22645d6ab627d088538d07f5c508d0a5356c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit