Analysis

max time kernel:   600s
max time network:  489s
platform:          windows10-2004_x64
resource:          win10v2004-20230703-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted:         19-07-2023 07:53

URLScan task:      urlscan1
Behavioral task:   behavioral1
Sample:            https://general-72354.bubbleapps.io/version-test?debug_mode=true#[email protected]
                   (the address carried in the URL fragment is redacted in this rendering; the original submission carried a real address there)
Resource:          win10v2004-20230703-en

General

Target:            https://general-72354.bubbleapps.io/version-test?debug_mode=true#[email protected]
Malware Config
Signatures

Every signature below is raised by chrome.exe itself (PID 380 and the children it spawned), which is baseline browser start-up activity in this image: Chrome reads the BIOS keys for its hardware telemetry, S-1-5-19 is NT AUTHORITY\LOCAL SERVICE, the privilege toggling and the WriteProcessMemory calls are the browser process bootstrapping its sandboxed children. Nothing in this list is attributable to content served by the target URL; the verdict on the page has to come from the URL itself and from the network capture, which this rendering does not include.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                          process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342268349572192"  chrome.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
  PID 380 chrome.exe (3 events), PID 3780 chrome.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  PID 380 chrome.exe (4 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 380 chrome.exe, 64 entries alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 380 chrome.exe (26 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 380 chrome.exe (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events are PID 380 chrome.exe writing into processes it spawned itself. Distinct targets, with procid_target in parentheses:
  PID 2796 (56), PID 1968 (88), PID 4464 (89), PID 2348 (90)
Processes

Chrome version 106.0.5249.119 (from the crashpad annotation and the elevation_service path). Indentation shows the parent/child relationship; the signatures listed under a process are the ones it raised.

PID 380   C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://general-72354.bubbleapps.io/version-test?debug_mode=true#[email protected]
          - Enumerates system info in registry
          - Modifies data under HKEY_USERS
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
          - Suspicious use of WriteProcessMemory

    PID 2796  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2d4a9758,0x7ffc2d4a9768,0x7ffc2d4a9778

    PID 1968  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:2

    PID 4464  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:8

    PID 2348  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:8

    PID 3752  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:1

    PID 620   C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:1

    PID 2468  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3920 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:1

    PID 1664  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4708 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:1

    PID 3784  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:8

    PID 3448  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:8

    PID 3780  C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1848,i,11556519296008134946,6477004995973316366,131072 /prefetch:2
              - Suspicious behavior: EnumeratesProcesses

PID 3336  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
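A WriteProcessMemory signature only matters when the writer reaches into a process it did not create. The check that separates the two cases is to join each writer/target pair against the process tree: a parent writing into a child it has just spawned is how the Chrome browser process sets up its sandboxed children, while a write into an unrelated process is an injection candidate. The following is an added example, not from the report or from the sandbox vendor, that runs that join on the tree and the WriteProcessMemory rows above; the tuples are transcribed from the report, the verdict labels are this example's own.

```python
# Added example (not from the sandbox report or its vendor). PROCESS_TREE is
# transcribed from the process tree above as (pid, parent pid, image);
# top-level processes have parent None. WPM_EVENTS holds the distinct
# (writer, target) pairs from the "Suspicious use of WriteProcessMemory" rows.
PROCESS_TREE = [
    (380,  None, "chrome.exe"),             # browser process, opened the target URL
    (2796, 380,  "chrome.exe"),             # --type=crashpad-handler
    (1968, 380,  "chrome.exe"),             # --type=gpu-process
    (4464, 380,  "chrome.exe"),             # --type=utility network.mojom.NetworkService
    (2348, 380,  "chrome.exe"),             # --type=utility storage.mojom.StorageService
    (3752, 380,  "chrome.exe"),             # --type=renderer
    (620,  380,  "chrome.exe"),             # --type=renderer
    (2468, 380,  "chrome.exe"),             # --type=renderer
    (1664, 380,  "chrome.exe"),             # --type=renderer
    (3784, 380,  "chrome.exe"),             # --type=utility chrome.mojom.ProcessorMetrics
    (3448, 380,  "chrome.exe"),             # --type=utility chrome.mojom.UtilWin
    (3780, 380,  "chrome.exe"),             # --type=gpu-process (second instance)
    (3336, None, "elevation_service.exe"),  # Chrome's own elevation service, separate tree
]

WPM_EVENTS = [(380, 2796), (380, 1968), (380, 4464), (380, 2348)]


def classify_wpm(tree, events):
    """Label each WriteProcessMemory event by the writer's relation to the target."""
    parents = {pid: ppid for pid, ppid, _ in tree}
    images = {pid: img for pid, _, img in tree}
    out = []
    for writer, target in events:
        if target not in parents:
            verdict = "unknown-target"      # target never appears in the tree
        elif parents[target] == writer:
            # A parent populating a child it just created: this is how the
            # Chrome browser process bootstraps its sandboxed children.
            verdict = "own-child"
        else:
            verdict = "foreign-process"     # write into a process it did not spawn
        out.append({"writer": writer, "target": target,
                    "image": images.get(target), "verdict": verdict})
    return out


def injection_candidates(tree, events):
    """Only writes into processes the writer did not spawn deserve a closer look."""
    return [e for e in classify_wpm(tree, events) if e["verdict"] != "own-child"]


if __name__ == "__main__":
    for event in classify_wpm(PROCESS_TREE, WPM_EVENTS):
        print(event)
    print("injection candidates:", injection_candidates(PROCESS_TREE, WPM_EVENTS))
```

On this report every write lands in a child of PID 380, so the list of candidates is empty; the same join would flag a write from chrome.exe into PID 3336 (elevation_service.exe), which has its own tree, or into a PID the tree never recorded.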
Network
MITRE ATT&CK Enterprise v6
Downloads

Only the first entry kept its path in this rendering; the paths of the remaining six are missing. CryptnetUrlCache is the Windows CryptoAPI cache for fetched certificate, CRL and OCSP data, so the first entry records a certificate-chain fetch rather than a download from the target.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize  330B
  MD5       f8623f2b2ff26dc268276c15f5566a3c
  SHA1      681f2d1496ef6048d1e4c6be41f89efa95b04bc6
  SHA256    a8f17efefdc7b8280fa8caf465db981f36672e1b5b2a2a8d5ab0e119c4d09472
  SHA512    ab28e5a48bd534a2a9dec6e09a7c85309de9b42663fdfb76ab8cef7dd8df966462c8dce89dc42cd4692142683b5bd309ea0ec8b45b68874ecebd3f9d73a52714

(path missing)
  Filesize  312B
  MD5       dab6912116071acc90017574031c56dc
  SHA1      0191fa5d8ddda860c3869ab283e1c1f23f6c2ec9
  SHA256    1d194a8d8caaff87b70a7978d1866a3fe6970fd5cd7fb116e1b5d63345fa06ed
  SHA512    8f67e4f1b0cd1d8284ce7db1f5dac03752b80be7f4b65034cb357e941ba1e4a46080d897f31511b81dc935df79f0f5bb694f5c7b43eb771c9a2042652c7a3cd7

(path missing)
  Filesize  3KB
  MD5       520f81b67654be8587b5233989a20b6d
  SHA1      e2aeaf079cedab933dec997156563bb3e8c3b61d
  SHA256    06ad46c7c9bb2cc42de6df672e9b0f542085aa59708ac004339b0abba1268f1b
  SHA512    29c0325d9aee28547a29f57560f4f84c6593e89496252580790bfcdc25af96c982af22b22dc107bb2d032f48aad42367727345094f676b2aecdb4e4d41f487a8

(path missing)
  Filesize  1KB
  MD5       32bde7ac7d24a3229b5a9e615e0aef8b
  SHA1      420653e927f1c7267eedfbeb8f30bee392d6e2a8
  SHA256    675728cf966d0c1466f4be1573dbdbede2aef96ddecd175447eba367c3ecc163
  SHA512    1f91c832ce992de9a5ee10df95bf8c71dd662a118e44df44a3213b5e2b849261d95eda9781591c04a62bfb7d2cf2100d0c6f06ad86aaf5308d4d16c36291b1cc

(path missing)
  Filesize  6KB
  MD5       e2eb7b541a544059b09ca05a879006c9
  SHA1      0072d083b55b22e85917e0477ca686fcf99f8359
  SHA256    acd97d6c95385aa862b3e3c2560db12ae6e0c13fa99aa7f781c494cd9ed74251
  SHA512    fc15fe6bac5519b88421de32de5759bba5a05aab4634cdbea46dcc98fc73b82a460f1dc1b41c23c351e09ec435025309e100136dec67241cdad2c9c61355b77b

(path missing)
  Filesize  87KB
  MD5       25f40595877091b6c911a397a1edf6bd
  SHA1      db2529845a143d97a8de5f3ce24e8fe3e7920344
  SHA256    6ed3ea1762308039e2e82f72821941c6bceebe07d3aaaefd2468f8306142c041
  SHA512    894d0916ec292089917e49bf437a66f1bc85071d4251ce4183600fe1780bd17dd10207d0138d43a2a9198ee8b4a292c817f0a7f211a2ffec342c70b28affb3e8

(path missing)
  Filesize  2B
  MD5       99914b932bd37a50b983c5e7c90ae93b
  SHA1      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  These are the digests of the two-byte string "{}", an empty JSON object, which Chrome writes into its profile as an initial state file; it is not content fetched from the target.
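Dropped-file lists on a browser-driven run are mostly profile housekeeping, and the tiny entries can be identified outright rather than sent off for lookup: compute the digests of the few content-free files a profile routinely contains and compare them with the reported size and hashes. The following is an added example, not part of the report, that does this for the 2 B entry above; the digests are copied from the report, and the candidate-content list is an assumption of this example.

```python
import hashlib
from typing import Dict, Optional

# Added example (not part of the sandbox report). REPORT_2B copies the size
# and digests of the 2 B entry above. KNOWN_CONTENTS is an assumption of this
# example: tiny, content-free files a browser profile routinely contains.
KNOWN_CONTENTS = {
    "empty file": b"",
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "single newline": b"\n",
}

REPORT_2B = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
}


def digests(data: bytes) -> Dict[str, str]:
    """The three digests sandbox reports usually list for a dropped file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def identify(entry: Dict[str, object]) -> Optional[str]:
    """Return the label of the known content whose size and every reported digest match.

    entry carries 'size' (bytes) plus any of 'md5', 'sha1', 'sha256' as hex
    strings, the way a report lists them. All digests present must agree; a
    report entry with no digests at all is never identified.
    """
    for label, data in KNOWN_CONTENTS.items():
        if len(data) != entry["size"]:
            continue                       # cheap filter before hashing
        computed = digests(data)
        reported = {k: str(entry[k]).lower() for k in computed if k in entry}
        if reported and all(computed[k] == v for k, v in reported.items()):
            return label
    return None


if __name__ == "__main__":
    print(identify(REPORT_2B))             # the 2 B entry from the report
```

A size check first keeps the comparison cheap, and requiring every listed digest to agree means a single transcription error in the report shows up as "no match" rather than as a wrong identification.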