Analysis
max time kernel: 46s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
submitted: 18-07-2023 13:41
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://zsij.5x0gno.foryyou.store/#aHR0cHM6Ly9pcGZzLmlvL2lwZnMvUW1YRTlhUnZ0bUE4ZlZwQThFZjhLWVd5YXJjYnBDbloySEhLejQ3Y1FzVnZMNy9panJ0Z21rZW9namlyZ3RiajhyaWJncmlnbXJvZWlndG5pcnVuaGd1bmdyaXVnbnJibmlmbmJpZm5nYmtmbmJkZmtuYmpkaWZuYmpkZm5ia2pkZm5iamtkZmJuZGZramJuZGZrYm5rZmJnbWtmZ21rZmdtZmRna2ZnbWJma2RtYmpmYm1iZ2ZkYi5odG1sLz8wODowNCBBTTkmI2FuZHJldy53aGl0bG93QHNhaWMuY29t
Resource: win10v2004-20230703-en
General
Target: http://zsij.5x0gno.foryyou.store/#aHR0cHM6Ly9pcGZzLmlvL2lwZnMvUW1YRTlhUnZ0bUE4ZlZwQThFZjhLWVd5YXJjYnBDbloySEhLejQ3Y1FzVnZMNy9panJ0Z21rZW9namlyZ3RiajhyaWJncmlnbXJvZWlndG5pcnVuaGd1bmdyaXVnbnJibmlmbmJpZm5nYmtmbmJkZmtuYmpkaWZuYmpkZm5ia2pkZm5iamtkZmJuZGZramJuZGZrYm5rZmJnbWtmZ21rZmdtZmRna2ZnbWJma2RtYmpmYm1iZ2ZkYi5odG1sLz8wODowNCBBTTkmI2FuZHJldy53aGl0bG93QHNhaWMuY29t
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341613766748818" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
PID 64 chrome.exe (both entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
PID 64 chrome.exe (all 4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Token: SeShutdownPrivilege, PID 64 chrome.exe
Token: SeCreatePagefilePrivilege, PID 64 chrome.exe
(these two entries alternate across all 64 IoCs, all from PID 64 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
PID 64 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
PID 64 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Unique rows (description, pid, Process, procid_target); the report repeats each row many times for a total of 64 entries:
PID 64 wrote to memory of 5076, 64 chrome.exe, procid_target 30
PID 64 wrote to memory of 220, 64 chrome.exe, procid_target 89
PID 64 wrote to memory of 2516, 64 chrome.exe, procid_target 90
PID 64 wrote to memory of 3312, 64 chrome.exe, procid_target 91
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://zsij.5x0gno.foryyou.store/#aHR0cHM6Ly9pcGZzLmlvL2lwZnMvUW1YRTlhUnZ0bUE4ZlZwQThFZjhLWVd5YXJjYnBDbloySEhLejQ3Y1FzVnZMNy9panJ0Z21rZW9namlyZ3RiajhyaWJncmlnbXJvZWlndG5pcnVuaGd1bmdyaXVnbnJibmlmbmJpZm5nYmtmbmJkZmtuYmpkaWZuYmpkZm5ia2pkZm5iamtkZmJuZGZramJuZGZrYm5rZmJnbWtmZ21rZmdtZmRna2ZnbWJma2RtYmpmYm1iZ2ZkYi5odG1sLz8wODowNCBBTTkmI2FuZHJldy53aGl0bG93QHNhaWMuY29t
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 64
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb2a29758,0x7ffeb2a29768,0x7ffeb2a29778
  PID: 5076
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:2
  PID: 220
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:8
  PID: 2516
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:8
  PID: 3312
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:1
  PID: 2264
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:1
  PID: 884
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4072 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:1
  PID: 4396
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5080 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:1
  PID: 4916
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:8
  PID: 4276
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1832,i,14434783524324808035,2701578071416863565,131072 /prefetch:8
  PID: 1424
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 4076
Network
MITRE ATT&CK Enterprise v6
Downloads