hxxps://ilang[.]in/Wmlh

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/07/2023, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ilang.in/Wmlh

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133353205761925952"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 4680	4968	chrome.exe	84
PID 4968 wrote to memory of 4680	4968	chrome.exe	84
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 3424	4968	chrome.exe	88
PID 4968 wrote to memory of 4324	4968	chrome.exe	89
PID 4968 wrote to memory of 4324	4968	chrome.exe	89
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90
PID 4968 wrote to memory of 3276	4968	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ilang.in/Wmlh
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5c69758,0x7ffae5c69768,0x7ffae5c69778
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5448 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1880,i,14040542631686921343,14732644205341924800,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ada8a3a2c6b66f62aaa2b07d54829a87

SHA1
dbf972420992e0db59660282f2270d559cdf1415

SHA256
71c5ce8570f0abf5e6b1201da047e08fe96d27bcdaa4b134c754a520ef2be2da

SHA512
14e900223393ce349220bb270044ae78e50709de6c8889b64f66478de8a047877cf182c6fda4e240964c243aadcd59c2e8150a161fa444ced610645f16106f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
20f1ba552f353efd608301a8792c03b7

SHA1
8c5b43aa203b56916a7e8e268c2161e5f28bf14a

SHA256
daad8626deec4c244c48bf62e02b1183557b8ce0ed78fb4a925a1e56d61d46be

SHA512
8eeeb52d00506a3dd7c0706e4195ce0a91a89e942b5582d8ac922b91bd02ea20c6c89afc9c86e00bcf10846b85a9e1fc7be2f00df4645fe22b6772bc29197b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54d2379e1a6c3ceeb4a32bf0e8dac48d

SHA1
76d11817668f7a0afcd9b7c3548a3fcc3adeb36c

SHA256
671b94f75e9bc03ce0509780c921df66c4fe5043a3b15c3c0e1d9f09aa5f46e3

SHA512
f9fc39e92a528a299a491d6c3a480eaaeb3a3957d5d49d42b33481b4749d18b8d815cdefe2020a923e3cf94e7b24d9e28503fec017af9d377a9eaab06deed672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0df1a76c03a007e939627b2b3ec67e47

SHA1
d5a2847cb73343e0375fab65c07a57e7f4f97c1b

SHA256
6bd8064695a368b8cb7527a359c22fd81d7e5dcefb786baa5e8a4b43d2d79ed9

SHA512
af83bab30dbb6aea25a402c4f7b88202464e7a572a751883ce2c327cc44bce2c6d710e7d9c4b43166d051dde3444b09ce012cd9b554e433f8794bf8bcf83885c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b12c617db4474d3bcba44645158df88

SHA1
360aff2f48bf0ea1d698d5ceb298ba56d41bbdb4

SHA256
8a4e50f901f3e7e0d015c881424b2d34f1c4b5fd275da51443d1c75661a81599

SHA512
f3c8679f721b339a7bf6f9c91ccbe28340b347fd339ace961e8c0ff53e98d46a965085371c01fbbbc488f193a7e0d80e5b84cd5dad6bcc91cec9c7c0f59fa7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e7b477ab9381bc52cb0859450a2419c0

SHA1
330a251fa6d2ff8a57ad883d35f4120a24e7fad1

SHA256
366c9466eae645f88bc141dffd891be8626ae6695bb30b6ea40131152ab650b7

SHA512
4242f70b0da319dc5543d0649aee6a613d34cb4ce5e56f05ec0d7d5abec342e19102cd4e56a3c935bbcd9abb4a9c62f424989937d541e886317785e373b60691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc97e6c900a331b6f89ae68957b273c5

SHA1
b74bca44f81577cf9cc8febcbe4383a31142e2fb

SHA256
4252742de9e6c6fba1088fb587c8bbb49bb13e0b83fb2a90526c1f53fcd17cef

SHA512
35d54abffd70ab8eb12a3cbb75b7510de3074e4bc1fc297aa958b7dbbe2baee8cf8ac73f715a15ea6d35ae5bbc22f76d4b8bc3af872cf8b54f23bc639cdbe27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
dd61c9ed0aea27b2aad8d58dd938efdc

SHA1
3a0eca713139c387e9d808e6e2ef862d4909650a

SHA256
4f3baecf2fd68422685ec1f6b4023d040f59083a68f63d2c8b8d9db078702b76

SHA512
fb6e284aaa95d39482871d8cbd7fe409c540d7df6069dce288cd2d298dfaa51dc721db354213226c262707f29aca0be12e4062484cb7646bd9a8aab862ecea24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit