hxxps://www[.]waghotels[.]com/richardson/boarding/kitty-condos

Resubmissions

19/07/2023, 19:11

230719-xwbfssaf93 1

19/07/2023, 19:03

230719-xqftbsaf68 1

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.waghotels.com/richardson/boarding/kitty-condos

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342670167877218"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 3780	1444	chrome.exe	33
PID 1444 wrote to memory of 3780	1444	chrome.exe	33
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 4108	1444	chrome.exe	88
PID 1444 wrote to memory of 3164	1444	chrome.exe	89
PID 1444 wrote to memory of 3164	1444	chrome.exe	89
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90
PID 1444 wrote to memory of 1964	1444	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.waghotels.com/richardson/boarding/kitty-condos
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb71d9758,0x7ffdb71d9768,0x7ffdb71d9778
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1884,i,7239945877282247754,5576386373211449029,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
61b58eacd7e65f5b592c0617f4402376

SHA1
feac13e6528e90193afc0732a95a5c153bbb9dbe

SHA256
ca1af3c556c5de977f678ca07eedfa9b46cfb85e4d26658d59b72acc298193d6

SHA512
8412784c509a2b5942664de521061926fc1285e12a9c8f2e009bc30a72a37d46211d41d81f154e4e188a2eda8d446e7937ff4238055d2fcd69361655750854f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a8a95b62d40274f77e472e53e7b7535b

SHA1
9d7ec706d7a7fa1d20f109ebff278fe30b7f6f03

SHA256
1b381c6988cc71cb807f8564403b4adc54bb2036226579467d5ac716538621db

SHA512
69e6b3c5fd973689b93a5a446a796a7e379c8efd7a19af49f42d1517b95d2c7a375236b4be3711aa16914b304def992aacef40e9fbdad4b849bd596e2c8bf9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
040146f70439fd874a6aabd275889054

SHA1
f36af790c7be0fb787139aef7fe78fbe9905b44f

SHA256
998cc03b41dab5ed0c8d8d757c398954b27a0ed023facfa32d26b79ab4e3ac3c

SHA512
3439249d7cf7c8d8db186bb8cc2c5d20f9cb8f0ae24d7c0a659bf777d6e83f4d4c2db83933a137252b86315dfbe32757ad3033bf6d8143e719edff13f9453220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1053246f532c4f46562bb18ae144526b

SHA1
39d31c9cbe136e30b33b0423d0962e59f924f21d

SHA256
3e6dd27acf2ebedc8ad21577ea3daa823fba7884faf3fd44ed79713466a9002e

SHA512
1d0048e6b2d64cd5ba9f52b0a7502da2c953b2276e14b4c4aee76d50ba97ba0df0bd6c35c4de451972a73d981d779f854446064ff9fbb3c33c329ceb9e59eb54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0425c46b5d31cbcdb0aef26eb93f973

SHA1
0a492ca8736abc0278b9ec085d5e795116bfdcd2

SHA256
505b96a7346679d9fdccc525d3759fe065b2e6adeaf87ea575951d3caad3cdd6

SHA512
6da43b1b84e3727728784417f7c818e2768b7fc09509a74717387e62fdb81301e0b642f64dab6e42f38bec58557feb49710869e268dd169a930b9d590435cd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
967c1166f748a0db10ee649337d88abc

SHA1
1e598af0082e45159bb1641644790074a7f2a350

SHA256
e5fab7c1bdbcec282c9cc0abede5d889539548f67046fa705ae73c85a74f6965

SHA512
d8783c4a00b34102f46c63608662742abe456cd9dc59694b34bbe4e446dcfa3ed0f72bf9fc85a1eea379136725eeee0988c18e1ae395b2c2436d64d4bdb24977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eabc6f792f8aee3bb03e788125a2ce95

SHA1
908452ea4ff59ed6d0d5afc9859d685514f3145a

SHA256
7d4b021a7935b1a14fcb477660270219f25d836d203442af46ba708cbd11fde2

SHA512
b9e95b4687f09b2dd536afde75dd33a2120641720cd55d156200b139c0b74ec0f42e4801920a8352dc9e7d842d8f81aa8fc5899b9cdcfa8200b3cde8c46c465c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d663efdf418b75fc57ab112e37234a12

SHA1
41e5c63321c1380098c75bc3caad0040fc37e7bd

SHA256
bcfb16db0e3a18f8841f893140d62721b48e60b60fb812de35c67399d77dc657

SHA512
39490460eca73c8b4cf167e589245e7873e116f382714b250bddfd31fd5f8ed59b2c342df1dc5628b768c2dadec72de7b376e4e956ea5e0e7ecaa64a6c9cc243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit