hxxps://cutt[.]ly/Pwo9t9y7#aGVscGRlc2tAdG5iLmNvbQ==

Analysis

max time kernel
60s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/Pwo9t9y7#aGVscGRlc2tAdG5iLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341884960829909"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 724	2452	chrome.exe	33
PID 2452 wrote to memory of 724	2452	chrome.exe	33
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 4724	2452	chrome.exe	88
PID 2452 wrote to memory of 3480	2452	chrome.exe	89
PID 2452 wrote to memory of 3480	2452	chrome.exe	89
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90
PID 2452 wrote to memory of 812	2452	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cutt.ly/Pwo9t9y7#aGVscGRlc2tAdG5iLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa743e9758,0x7ffa743e9768,0x7ffa743e9778
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=388 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1872,i,11260755098950558669,5165980249260924790,131072 /prefetch:8
  2⤵
  PID:3352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7b781e17727109567c18d75afffba108

SHA1
28325f2e662b2b6f233817e3f1ec0fe70d901752

SHA256
ac7b80e0a97fb2bc7350371ef3e411eaa6ffa925b4591d56f61c76349e1282b5

SHA512
a38983127e79ad06cf8a6492de9e3b11afd4e28aff97ba5cf7a4dbf0b125c58aa51e1d181f603b5cc32d98536ecbf006ad7fca854bb7f18e932a6c7faba39105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
2f8efa876d28dc4373e373bd168d64fd

SHA1
89196b8d9190c512609aafb8a2b3fb2585051a64

SHA256
5d904189533210e4ab561e0b6b252f4ef7d627bd8b2a4fd067b8d841e8669070

SHA512
a3daa337482807023b279872ed5f8eb45725dd244f235836467048b95e4036941669d4967084e4123419a736398d19baaafbaf52a9655c2c4c9e8b729d3c6674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5c852da4a2abbf3850806b8d48f8065d

SHA1
576ea0178f6ee209d59f7f5bd2d8a595f255211a

SHA256
542fd9c0e51603eea65bd11c2bfcc0ccb88b00cf318b1a731a8951c6198ed465

SHA512
7a828cc42bb1d66910a274c13e9414e61f975baeb26a5e286f210ad8d7f1b02b17f4cfd0e524be63c1c1994f4a301fc653a74303c1bc602ece37c3b38a67f975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dfe9d6e13c752ac938181c001c1d23f8

SHA1
96da2189a67080ee6bbf857f291d0d616198233d

SHA256
c99d90cba86aa8248a897a79b079bc9e2a72407aab17deb6757573562d471e66

SHA512
3e3e393f5c7ad0ead64e7192f54b1157c486d5c0eb6bfb362f6d11e76e788cb92a82bd1802052ba148782933ac1a353552834610aa377ecc756e79fc5c4fc66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e908678c2974bee52296b73130e5a4c

SHA1
71a4ab197cf1fa7a7889a978c9faa459612a0c92

SHA256
f18ad30794212ca81fd26b7868348206a809c27bb7455000d8ee75e1db40beea

SHA512
710dfc63e50fe401be6b61c731d19cda709f8e7f4aa00d28824a2f7f1002c4fe28a8a9ee754b3018b9519f7855dfb17da15d66623f03365f200c9083366bd610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df1ee2b27e9248004353cababda21519

SHA1
68e43930453b7fdf30d752d59bdccbb0b6660872

SHA256
3ccaa6e537d31247ef896ffb61e7106614d52c07668a15deb7522e3902597a98

SHA512
54af259053071dcdb203333da076ccd10c41cc253819758737422e52d40093b0a3864c7a2d019731e95350daa6a8cb56a0da94510d68056425463bda0150835d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b48ef5f2e45b5df2071766b903b78e2e

SHA1
308c0966dea298c5660da654690bce999d377711

SHA256
bf938505dbcc09d4135c83989cafc124f115e2f6ba17acaa455ca098b0088693

SHA512
3b6e8cff8d1b76880de5cdde8e255757fb6f04a91c828dc671ea774ea4c8fadc261d97d0776b9601cad7c4fc271876bc3fc7ac2920fb54888c127a9cfde480cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5804be.TMP

Filesize
48B

MD5
682f4e839b283297cd990bc89e249cf6

SHA1
c0b4dab2d2dd8e98aee218013d11d693ede5ac8e

SHA256
b126ab74532bd56e7d6fb1392dd34e4861433856d5344bac013a35c9ffa3f515

SHA512
c2b7588d6e78b6a9a413db3c3bf131d7b508a353c49fe88e037f02bd69943f6e9ea87d240c1340235ad825a4c2b2f694d2bc51ca4954c3030bc724051bc94019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
0fa79e753e3c7ebbebb5e4fff1e323d3

SHA1
552073e00259cda91ccaedbe451ddd9b544e74f1

SHA256
c2589d0986e352db443875ba7af182c562531623540b04dbfd314a15ca87a473

SHA512
038000b92981357228227a66d72fca53a8f99244813098cc6f112d3702bf44a38998a8497f51f2dea67e8b2adc9830416ffaae1a33936e3675c180c5e1667f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit