hxxps://10074troon[.]site/e85d035fc3f5da968e6108af7990e12564b83e8a6b78cPASe85d035fc3f5da968e6108af7990e12564b83e8a6b791

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://10074troon.site/e85d035fc3f5da968e6108af7990e12564b83e8a6b78cPASe85d035fc3f5da968e6108af7990e12564b83e8a6b791

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342708933141295"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2024	2132	chrome.exe	18
PID 2132 wrote to memory of 2024	2132	chrome.exe	18
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 3752	2132	chrome.exe	88
PID 2132 wrote to memory of 2184	2132	chrome.exe	90
PID 2132 wrote to memory of 2184	2132	chrome.exe	90
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89
PID 2132 wrote to memory of 1252	2132	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://10074troon.site/e85d035fc3f5da968e6108af7990e12564b83e8a6b78cPASe85d035fc3f5da968e6108af7990e12564b83e8a6b791
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d49758,0x7ffc04d49768,0x7ffc04d49778
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2024 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5148 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 --field-trial-handle=1912,i,5613291143886110423,4266768559436323696,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
357b4f65bec220bce8c8537f52291686

SHA1
0851c87ddf893ff0df90b6b64aa5d7e652ab460d

SHA256
fc35b80f6351e4aa54f24e5cb90b4ef8a71d597558685aa2112d3f4d46b2a153

SHA512
967eac219f88ed9880e800a9f200680c4ee8ee5c52d99368431eae72fe2f47bd0421cab6c51e2d49ebddc37bad6a3a1428eb031a9e536eac8ae2e365006695c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
15c94cbd4d05a805a9024b8473bb253a

SHA1
09d19ed0304a28223b84a4bf4810023f9f25f46c

SHA256
9e2eb3bc2b610c2c482920822efbdac430ab8d3896d5b905b250bd2f2483410b

SHA512
349e92cc00e7476bcff3c961d6dcb606679ead408760eb4ba90a1f47105c2708fb28c00f28dc0f70d9d7888540897758330a4507e4d1b600dba7ee51a3ec0484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
c41c0d3b7331b9716c5056e814f37bf2

SHA1
f8a9a70bf650ea07d29c4bd3db165eea3393e4c3

SHA256
da239f0607dc8ae2e0299c1acecabb75cfabd3080448ff3b8a734b1c03ef0d73

SHA512
2c3fdbac95b9bca6011b941921d5d03e019f86c5c23abf15928d8fdec6af34268b51b88a1962a331d13d86cef10d1463013d693eec08afc9ed702b9cc9e29f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc1d5d7e7d91813ed09932d4b3861e9a

SHA1
23ac2c55bb2af51945114f1b10e4d76f488fc629

SHA256
2c7454aafd26cdd322a90b32d6d60b46173da0cd0eef1aa98af77126df133714

SHA512
134d1db23e6c708fa108656453d1dc725685ec5e9f48c0f7ef4ae91fb9a1e58cfa2940f7494a3fd4c87518cf370510904ab0ddbefacf1b28c3df51525d2e0861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
dafaa12bee6836d873d5dc23bca6b4b6

SHA1
d4351a5ab6f01e16f1576197ee92ee3f26654c04

SHA256
90ad0576ad144f1f7853f8699a1d8d6ce301193262202ce8ac49ac1cc25775e6

SHA512
25ddac4b6fee49390f0ff614e2bae3c7e340a4cf77fa5e4f390c44ba86c137f76f44993402d981107a912655578e02a62f8e7d6e7e6da2da1aa1d7ed3e10d5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit