hxxps://t3jcskwc[.]page[.]link/u9DC

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14/07/2023, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t3jcskwc.page.link/u9DC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338391935313965"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 3216	1372	chrome.exe	67
PID 1372 wrote to memory of 3216	1372	chrome.exe	67
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 2036	1372	chrome.exe	86
PID 1372 wrote to memory of 4660	1372	chrome.exe	85
PID 1372 wrote to memory of 4660	1372	chrome.exe	85
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87
PID 1372 wrote to memory of 1124	1372	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t3jcskwc.page.link/u9DC
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee2cf9758,0x7ffee2cf9768,0x7ffee2cf9778
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=308 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3660 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4664 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1684 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=932 --field-trial-handle=1840,i,18317249379107576163,13325623808260289167,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
79a4016198b6bdd03f1f45d81277da74

SHA1
25e6a7c111790e5f2cfcbbd3ae86a625726a42ae

SHA256
15d1dfd0c415fae7917b1cc6b36483cd409a25a1fb46e63db6ef044063b2deec

SHA512
e76a5b1268360602a5eb47ca8a3f2b57814e19fbb75eb38fa83da06056619fe49134f4e335a3a8edda9f2af535109874ddcf947eabcfeaed621be34b573d7614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d1796a8faee8fb9dae6bfa31bf1cad9e

SHA1
fad309821551054ef7e734ce00239552e6196d8f

SHA256
452ac4309ddecf1c54ca90e0d3cb40ca48930610ab446e7cce6cdd2115353f42

SHA512
b724e4db0b5cd8c74a7b298bde36f087af00d2e02f8281123a712e49937508326060df6a3fd026b975282a5bd7001cbde5e3ca2920895fbdae09abd1e656bad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fb7b00594985c0495ecb42eac404bf1

SHA1
6f88b6b2d25e8523bc21bf476c766a638d999ad5

SHA256
62f04f71b17043c91ff20d7fba972515c7578939db86eb5db6a8a6f80b2d1b7c

SHA512
9a259126f19b9560069391e00a9b791e85931b98bdb87b41eeec2651a1cf885c3c0b60463f0ce076ba1dc2f78bdca36ec057e6ea9beb6bb97e4bab805ac47f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb3b40b4e431de66c8caf30357e46975

SHA1
67866ad8b7af094cc6ea234e67afb566b9616233

SHA256
e1679d2aab4b398c34ff2f37cda6f662cb86ff14c6d9d40c24d56fb9603b594f

SHA512
3b499f06d78beb977dd70fc1f8f1bcb5e0507f9bcc82e8556a0e732b7354431231ad6eaf782447fabe5088820920ccf3b20713677f6c1f478e8c397db08fac21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
185d3851056b049a8f8a944c095db97d

SHA1
19215f21cac16e42c00167b6573830f3bf71f9fb

SHA256
d6286dd0a7acd8634113a73ec7a4de0dd00ad6dbef33fb0c7d0fec0bb8f09eec

SHA512
2c3d5fe6e2f397e6f83c174cf96506adf25346ea91ecf6cb69f82ff63de56c7dcc2521e7664038e41b21f94b7aeae0a1c7a256c2009e13a4664cf7cb5bd0e19c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
331ab29eda3fbb55e892e24f814399ce

SHA1
513e5398ac7a43741c45c47fecde57dc0f33fb9a

SHA256
d143410e715f8051e50b5bac875d513d3f4c5802ee923eedc58d6e279c40ec53

SHA512
452a492688c9d90584ba63d5421d3f49c37c37c74fe3acd5b542c93732d77c577d0fa6f9350382a2cd8b102367aabbcaa56b20cec7bb93b0da5638dde8ff5d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit