hxxps://www[.]trsports[.]com[.]au/cart/

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.trsports.com.au/cart/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133346446458260654"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3612	2220	chrome.exe	37
PID 2220 wrote to memory of 3612	2220	chrome.exe	37
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 2156	2220	chrome.exe	89
PID 2220 wrote to memory of 4360	2220	chrome.exe	88
PID 2220 wrote to memory of 4360	2220	chrome.exe	88
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92
PID 2220 wrote to memory of 4456	2220	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.trsports.com.au/cart/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb21579758,0x7ffb21579768,0x7ffb21579778
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4768 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5148 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 --field-trial-handle=1876,i,15635633795270747474,6378656413097472615,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e2bab3903a709c0d11126ea2fd691fe8

SHA1
ed04fe9b05b7e9c5b098c1e561dfcabfd1a9bb57

SHA256
c30c43db4bf6a20d6b948b359f395bcc89cc1aaa4f78a0f9a1118d7aaa0a5a13

SHA512
89dd279dd0c7e2aeb18f15ab668bd73ab1d609513828de00e2ba02c9cc0282f45c19b6f375e8308f6b5a8567c676753e2c2571311f07d5ed3bdef2116ffa5e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7c482777e1cec8640a77980c8dec9e5e

SHA1
a781e92273b7c3095de6f94537ae1fd48ae66f5b

SHA256
84d87dc9d36dc20b46ebfc48b4b21dbfb4d31c18c9d9405c99a9cd1c9bd57367

SHA512
85247d2b38fb4787945117113a0216e1b7c62beff34a66df48bbd491e93404a9b57f50552ba5d331db4f81dd6c539eae1a10123db63a9cf4ecbd8633198dd808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
06fdc2b9387d85663181674bc87694d9

SHA1
1d95700a1bb2f0753f8e4ee5db476d0801d519af

SHA256
4e24b2ea8ea87559a6f73b44b287f3cd4da03c76ad68e8fec55f2d4c82be8cc1

SHA512
725f07c4f8ef942a4f8d0b2a43307f76d00a4c48f1b29ffcc8e0c2c93ff57de4108ec0a116ec8b91ab0f5bd6ef5fa10d2561bbfed887b641a029fb0425b2f521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f733fdc30cc41affff9e2b5cc3c3cf2

SHA1
7fb55eb4b720017d32b1e0db552ee6f7b4d89338

SHA256
c881dbd47a56c5b93e3c685cc7c1afa765d6eff7008cf873573141477884dfa4

SHA512
121f1eac10b1d741476fca6d12b000e56da16cad46cc86c96afb5e8023c0ff4f8376c9f927cf2722f931ffc4e759f5b1f1e830f108aeb6dea32d744eb87f00fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
64cf37d33ae3abb8539c690a7493848f

SHA1
87903a6d8fccef90e6cf5bd70413fbdbaa142370

SHA256
d0bd964bd09e0b6ef7dc8f840e4d3e710ed055660d74fb32c52d8f601e8f3793

SHA512
c49328c01f00f3e582934671cc269b65ce9876ae5a8f23150a362983aaec966f7601e0afc51fb58c81be627a380715f8a5c5fb695051e81af2bd9a06ca1982d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9660ef3e4d5984982071cea6f009bec

SHA1
b553af88ef0c1cfe70922babfe32e6d66da12833

SHA256
96675587f593d218b280ce6cdcddc40b7f5c6df1f507baff17648f1debb5c297

SHA512
fb1072a924504bbfc75b762e8538cd4e69d7cfc6f496f900f8d405e49f44086e46423e65728fedbb721349bb8ef23b40ff2249bd70e83c9097c31669748e32f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
cdf653e207d011b479d2d20230134366

SHA1
a905ab47b478680a86b249557e443b00f7f98e1c

SHA256
03f58e97aec3b123dfcddea587645927f0dffd7ef04ac33e37167177df6cb6a1

SHA512
f41f89f34749f44c6cde76306514105c4138f8294889ce46ea5fe38be7ecfa1e70cb7c2d516afe760a14bb1ecd842775c65f92742e97cf12b96b65931f820d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit