Analysis
max time kernel: 68s
max time network: 71s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-07-2023 19:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://thefocalpoint.co/
Resource: win10v2004-20230703-en
General
Target: https://thefocalpoint.co/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341812524725275" | chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
1120 | chrome.exe (2 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
1120 | chrome.exe (4 rows)

Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 1120 | chrome.exe
Token: SeCreatePagefilePrivilege | 1120 | chrome.exe
(these two rows alternate across all 64 rows of the original table; identical rows collapsed)

Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
1120 | chrome.exe (26 rows)

Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1120 | chrome.exe (24 rows)

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1120 wrote to memory of 3892 | 1120 | chrome.exe | 85 (2 rows)
PID 1120 wrote to memory of 2908 | 1120 | chrome.exe | 88 (repeated rows)
PID 1120 wrote to memory of 4240 | 1120 | chrome.exe | 89 (2 rows)
PID 1120 wrote to memory of 4248 | 1120 | chrome.exe | 90 (repeated rows)
(64 rows in total, in this order; identical rows collapsed)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://thefocalpoint.co/
  PID: 1120
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcc9779758,0x7ffcc9779768,0x7ffcc9779778
      PID: 3892
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:2
      PID: 2908
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:8
      PID: 4240
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:8
      PID: 4248
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:1
      PID: 4068
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:1
      PID: 4536
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:8
      PID: 3644
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:8
      PID: 4900
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5244 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:1
      PID: 3600
    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1596 --field-trial-handle=1840,i,1755806818668531938,11209205190231864657,131072 /prefetch:1
      PID: 1864
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4104
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 87KB
MD5: 92d84873bca3d2ab253d044706d9b7c4
SHA1: dfa4e2f9adaa9f368926fe02de5e37af9922e3d1
SHA256: 02dc4a89e9d15a00b667c6a6295326b5bc82c237e0d19510b83f57b578339f4d
SHA512: 19a8985e8e74f058526445e73bb79cfda2277f191aac1b43660967f8e78c99748d9b0424e2ce9706093009fdcc062b5dd29db0eda12b5f46bde31d98cdac6233

Filesize: 72B
MD5: 5f617e57c731dfa32cb54d67c67bd26a
SHA1: 02dc20db54d54ddda9e4a4d4571648404003f6fb
SHA256: d90a6bceca32158f652b738dcea1d85121b170a0fa2e7f46002b79d08c44a1b9
SHA512: bcd9b54a8c3ff12d715d3135350ce0256d8f2ee30e48f7ab806f72adbf612900d19598348447e097c66b32761a5983c29e8eae250da7b000086e4cc2ad1cc557

Filesize: 538B
MD5: 5f33db7f45f0e58aee0229395bf67922
SHA1: d96e1b398ddf31e72302ae1a8ccdfcf3b3966c16
SHA256: 3f6d729f82498cfba424f5fde46686e57f108ed4dde3f5cbd33f379b23cdc103
SHA512: 71f033285a83fd277219b004f829f6f6c45356e4f228a70c7fc5047254b4183ba73b4a67964db9471b8c909606cadd8afb82136a3459088319eadfe7296dd723

Filesize: 538B
MD5: dd9a04dc975c2feb8bdbeed5fbe2f119
SHA1: 9056dcb0fc8fcd113436a3849ea9175b130e1c23
SHA256: 547d77a76246eee6ff195188d2fae9aa4d89777f8dcd3148008783aebfc11e2b
SHA512: 47a3e184f8ebf9b9a2835891b87c48dfa72b13db18a3edd287f589506fdda3b924c9000450a9e25b3986bf8a8d8b2ba9af5f34047384d03693a4e24daaf809ce

Filesize: 706B
MD5: c23ea2e205f4f084653080fc8d6fac17
SHA1: baa992902f9c764995e7219817a30d6089deb615
SHA256: c2983f25e24f359fe2b4ebba7f765afa9e1c64490d71bb5647070a4dfcc21b1b
SHA512: b423de4dc0cffb5e4fc4d84eab65ac16bc827b25584f81801b4f0f8ef1310cfd4206bf64d3e78fa2dee1d5a061f764e8db039f472a6ac257df43b8a345ed8d9b

Filesize: 538B
MD5: af0b41d0276baefd8f4b6a5eb23188b8
SHA1: 7a5a52e4889e1291b5d20570ece90e06c84fed23
SHA256: d90078d24d53c6efa9f808776560e8c49f5fabb0138fd4b863e7b708fe594bb3
SHA512: d5aa679e4d044a01839435468de1b044f2d9f807df80ad73d104ab3d07d3a32675d5de6bc6e1b5283c4f147cd45655c48102283e0345965b53a7499e34029ef5

Filesize: 538B
MD5: 1e812eb2e15159d1630e959f2237f7df
SHA1: de6c849a1b7934148e9a2be87809d210b0c247c5
SHA256: 14694787cb1d70ce51ed49519831240c66bfd7133858bf36ea8dbb2595c1b059
SHA512: 3c5821230c88d8336be0318fab101d90d4c24f8f5fb7715a9aae44985209ff0e58260fd02af7fca0990275ef91f25c8635a64d9edc7d190051ec21bc50c3d943

Filesize: 6KB
MD5: 25d3951a4743ca7016bde78136a82309
SHA1: 561b092fed52affd646cebf0f5f01ad8eac28173
SHA256: 74a69be141d89ef5d29ff624bf96f9173e19c0ca269c430340b95dcd224325c1
SHA512: b207bb4e676844f235505d06f209e374f6bfedc58ea40462c3f89c1c17f6592ece8fe10c60debc6e2ef7b5eb8b494e5aaf5ec4c24cbc72d69609a5b2c0142932

Filesize: 6KB
MD5: c35e71f71920e51245265204580d230f
SHA1: c5a16bfe131da520eb425733b92631759ee1ae38
SHA256: 0fa1d3a871f49f836462f37307911cece68e8829436e2e15ffe37d603c44ad46
SHA512: 2e93dd5a0dc3b2a6c37989ab6e244c027914ae95a4c048a1455207334c3b111b6691e406851a7c926a8b0b228f81e40af019b7a5be889a8b8ab99c024bbf69e1

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd