Analysis
max time kernel: 210s
max time network: 213s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/07/2023, 04:34
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://go.careerskillsinvest.com/vsl?el=teamej7
Resource: win10v2004-20230703-en
General
Target: https://go.careerskillsinvest.com/vsl?el=teamej7
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                          Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343877111894211"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
3872  chrome.exe
3872  chrome.exe
3608  chrome.exe
3608  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid   Process
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: 33                          1736  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  1736  AUDIODG.EXE
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Token: SeShutdownPrivilege         3872  chrome.exe
Token: SeCreatePagefilePrivilege   3872  chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
3872  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 3872 wrote to memory of 1676  3872  chrome.exe  35
PID 3872 wrote to memory of 1676  3872  chrome.exe  35
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 3364  3872  chrome.exe  87
PID 3872 wrote to memory of 2812  3872  chrome.exe  88
PID 3872 wrote to memory of 2812  3872  chrome.exe  88
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
PID 3872 wrote to memory of 1044  3872  chrome.exe  89
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3872)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.careerskillsinvest.com/vsl?el=teamej7
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1676)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fff36ea9758,0x7fff36ea9768,0x7fff36ea9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3364)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2812)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1044)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3864)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3304)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 --field-trial-handle=1872,i,2433902109867498317,5093685702723687872,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1140)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\AUDIODG.EXE (PID 1736)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x308 0x490
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 624B
MD5:    99249ef816b35cb0fe7daca8e014e493
SHA1:   05d3d0fdd32fba541b875bf4e3a77adaab26ff9f
SHA256: 9ca606bf93c5c8e568b546b760e73f54fcf47c8c599a2057beafad5480203cec
SHA512: 0901256356ceaee4055b3bccde5bcd523fddc19dc00c55a5a15c2e508902c88cdb8f2f2adf72ab124c726835028537cf907a8cfb9d35339f848a522e684befac

Filesize: 4KB
MD5:    c73aa9d82617e2550cb03da528d22518
SHA1:   2836c53ab30ba34ee51e55e176081f40d394b562
SHA256: 441c880ea2fb1ba0372f531bff0bd443e050c1b00717628c284f984733c5ee54
SHA512: af3d521cbf1d8e51faf2f37359b1cfcc8f21b8b3c5bc72659b7c771ba81e91423b0beb361b9d88d15c28661424f006a83b092d003ff333ad4866b74ef63d0469

Filesize: 1KB
MD5:    b792a8242fadb77361660cab3256ea33
SHA1:   adb29912b12587b68866fa4bcb6be56ef8a52ac5
SHA256: a558ec960fa5ee198967985c0a95323ab5fd823ec2b1e1005c2b2bf80a713bfd
SHA512: ca27bb6aed4c1045db0646dde3f263950ec97115b15a80ba59501dff3b370aafd8561f7194137d7b0b7e9d7737beafdccc010211ce9c4779c0b62b0f8bf34358

Filesize: 6KB
MD5:    ebfdd386c159aed244bde4baca00531e
SHA1:   fdaba897de898feb1d665bdd3569648044f6956a
SHA256: 6bf6e1e6f864f5605ae4b02075a1b4d997e1c41470a81bb2d9e3cedca7e8b712
SHA512: c7be4ab5f5c5a116f41b7af8ba5186c46e8f0b4a12f96f925fae9e1370ca7f5963881fd7b3af7adbd8af0f7e7cc8546b6933f348c706684d0733b62b818c9bf8

Filesize: 6KB
MD5:    aaa7dcf5cde8ed0f20e7efae73423420
SHA1:   2b7af5b8005e6fec916320b33fd093c03da00a93
SHA256: c988340b1abbbedcaea7ed8fb6ec22243d6cafc23d600f025f8615fc6f7cac1e
SHA512: e7b54618ba063270ff07ebd6236f68945b285b48e57483b67830af619e8d23c7aeaa900ac3a3ec86a8c66767983494181baafa749f03bfc84704ab6095e5d866

Filesize: 6KB
MD5:    08c9da95be4720d32e22ff7b24777764
SHA1:   7510a60ba028c28c7c508181a404cd59d3c019ba
SHA256: c66072c9e02f9bf865abe017bce5fe4c74f4562be735124def3814e2c30a3977
SHA512: 4e9dc15eb4bc11b4ef2a8f8a3b283edcd2123fa1a99a596a0b956ba352bb4bfaa7084c86d2691aa1c09a866f966978db4075e676d96deda2e5aa53eb6d97e9f5

Filesize: 87KB
MD5:    1ad0c85530bee831a97de7349c6e8bbb
SHA1:   3e11f3725f30f767a622b390696a4dfc01420c57
SHA256: 7ae682b56b09055f74e1dda671a1aa009a0d93c61b8f502e6ba35a64449ef21d
SHA512: 31ad3dcb78a96a2a635b3f3a2a0f20d7ee74e2b71cfea9e982f2fa6d8022fd8ec1f4eb0d83f96933f2a198229e42cc3480b5e16db29cb8a1f26d8baced0b3bc2

Filesize: 101KB
MD5:    b5060e67e072f31ea8ced6bc782a2923
SHA1:   bf4aaf511654fdd6c8c7e0276b0cc96c565b78e1
SHA256: 0999077b88a4a33e064b5f0884fefe70867a65573484214f30958c68a2a913d9
SHA512: dd8ed0ee45ee8447ad6de60f104f94eb0d1391f07f140fadc2da9dc6f305eb19d033921094733c7a637ba8f4dfcba598702d463f01302c1a053624e5729ea54b

Filesize: 100KB
MD5:    d828216105a91f9ba6f58cf3e782291c
SHA1:   80648425e18361fe976c11d2031a5b8c399da135
SHA256: c53a91335ee210d7016732062cc453bad561df6c0d9759349e82c6705525e42c
SHA512: a0dcdf3da1f72f0bd213e900e79c62e67034971ba836d659c3943dd9dcb13a8cca3de25db73bb1402d2329d713c4452a8a80f6640cc23781510d4a0f664e9226

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd