Analysis
max time kernel: 500s
max time network: 489s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-07-2023 21:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://asacannes.com/detroitchicago/augusta.js?cb=43
Resource: win10v2004-20230703-en
General
Target: http://asacannes.com/detroitchicago/augusta.js?cb=43
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341910183179123" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- pid 1200 chrome.exe (2 entries)
- pid 960 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- pid 1200 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs; distinct entries listed, the 64 reported entries alternate between these two)
- Token: SeShutdownPrivilege, pid 1200 chrome.exe
- Token: SeCreatePagefilePrivilege, pid 1200 chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
- pid 1200 chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- pid 1200 chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs; distinct entries listed, the 64 reported entries repeat these rows)
- PID 1200 (chrome.exe) wrote to memory of 2348, procid_target 84 (2 entries)
- PID 1200 (chrome.exe) wrote to memory of 728, procid_target 87 (repeated)
- PID 1200 (chrome.exe) wrote to memory of 3404, procid_target 88 (2 entries)
- PID 1200 (chrome.exe) wrote to memory of 4764, procid_target 89 (repeated)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1200)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://asacannes.com/detroitchicago/augusta.js?cb=43
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2348)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeeb8a9758,0x7ffeeb8a9768,0x7ffeeb8a9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 728)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4764)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1156)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1148)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3700 --field-trial-handle=1764,i,2237200947806620112,7828110836331589648,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1928)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads