hxxps://bit[.]ly/3JxhDDW

Analysis

max time kernel
600s
max time network
592s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2023, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3JxhDDW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338639906461482"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 3280	2784	chrome.exe	85
PID 2784 wrote to memory of 3280	2784	chrome.exe	85
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1288	2784	chrome.exe	88
PID 2784 wrote to memory of 1888	2784	chrome.exe	92
PID 2784 wrote to memory of 1888	2784	chrome.exe	92
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89
PID 2784 wrote to memory of 816	2784	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bit.ly/3JxhDDW
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ec39758,0x7ffd3ec39768,0x7ffd3ec39778
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3664 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3684 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3236 --field-trial-handle=1808,i,5113347035920927006,13943346707715051627,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4762562d-f396-4cdc-b456-cf6c855c7ea3.tmp

Filesize
2KB

MD5
f1470127f8be509900bbac1d48b9ebaa

SHA1
82e3a71e83a68ed9c32d0cace1b237c1424e5e38

SHA256
a04a5c05cffcf9255630b4557a20441ebd154814db9245d163430e1d6f319a4c

SHA512
22abc0d74cf127a20e1a1a6e6c57dff602a426731168e19946f87fbd82b771192b5de16f6ec9b000365fdf457fbf91634b962fc95069a1dfedd40728f05b520c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c5303e83f3481a4932a81d6c337d9c97

SHA1
c427c96b88f4ecb9f1a55dadc10bb1967050e24c

SHA256
f579a70cd9f9aba3e1e2c38bb5e73236bebb2f63d15855d9ea8fd52d3c1b6fec

SHA512
15012bcd5289bac13af889b9336c6ff271bd4263021dc8d63871be5dbf440b4bee13972ee1e7d621051f3be7c0acc82cb1580c7a054fee5e4458e951b798111a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b60e573354968cea976bcadd0fd6e45

SHA1
2bc5ac9199781ec2b49098a63af50e131415334a

SHA256
320a88039b92d6f3f50430f1e474e42eb7b855573d3dc65791b7c51be353887b

SHA512
6087ec5cbe94b05dc37923e7a1feaf2bf5677585b18c711337d821aa6a45de12409f325fa15a1889336f79fd5d046dce4ac9669dedc4a88fa66327f598125ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
733093d992951c9a66453c7adaed01ca

SHA1
cfa34429efa7dfb3e36a16b10473397e3087be4b

SHA256
26452abf9a981d5ec1a757bb0b391cdbdad9660e0f00ce4a7b9c64265954f9e3

SHA512
95fe0d9f7cb23988d2d0128775fbea6cab8c1660f409f2987314d3e9e689f0473b4470f445d8aa1e3c6228b9220f39ebf13078ce587f32994d1cb414876bad75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f8e3b6af09ac75bfbdf6ebb973067b76

SHA1
f8c85bde793dcde1428a57cf5a3e4d885e1cdf0e

SHA256
f44214332b0fe2b0e5d2b8981122fd2cfbe7b2186a8b86b4894614e245bd40c2

SHA512
3ef24eff7b6ae3821f4e17519ed6c414101ceb30c227ec2af6666a370eb7ec0e2ef9912faeec450be00f7863a2829c9df509a0573949b472f65642c1ce0bc7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit