hxxps://temu[.]com/s/uFQaHe0IvB7POTm

Resubmissions

01/08/2023, 03:08

230801-dm9sfsch47 1

01/08/2023, 03:05

230801-dljjwaea7v 1

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2023, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://temu.com/s/uFQaHe0IvB7POTm

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133353327706971372"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 3060	1180	chrome.exe	32
PID 1180 wrote to memory of 3060	1180	chrome.exe	32
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 2096	1180	chrome.exe	88
PID 1180 wrote to memory of 5016	1180	chrome.exe	89
PID 1180 wrote to memory of 5016	1180	chrome.exe	89
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90
PID 1180 wrote to memory of 3380	1180	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://temu.com/s/uFQaHe0IvB7POTm
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb8d49758,0x7ffdb8d49768,0x7ffdb8d49778
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1888,i,5791237802317367373,17287975737808084874,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ebab615095d5bdaf620dea3104f5257b

SHA1
ff1f4ddfbfebb9f41cf35b7d96fd14e162be8084

SHA256
6fe85c8b7a1b4fdebb9a9f775633498e1fc80d4d3e916ccf99a2b01511bdd3e8

SHA512
511c7a639e2a069002eebb25876ec157449ebbd23b674c79862d7db0b02a515f243cea363a43c73285d92cf5617a9cc64159750428149ef1ee132fe2170240be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
baa7e8a1d4451af8387dc5378853b0a9

SHA1
1009f2ffd46596865e86922d9e221f6ead63ff8b

SHA256
215e4402b82fc653a78bb872caffd42e3683f9ba0361244640da5333a1a64ffb

SHA512
667fe3c48802321740f63515fe519f545db98af1f234750a0c40c05841fc35070ee6fea563c63dcb3fc6050e7a19ef30cac07cd0097b6c0ecab16c0ce92afc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
9a2d357644b95eb96e3c43cf043797dd

SHA1
214c70a99556fba5415b1859ced5f55384405825

SHA256
bad1907992f6712f1c6aeb9b68d72476ae81ff33ab609d724d911a926b9c549a

SHA512
3cab65036d1e9c7abba04fe6a24e33744a2d3117593ce766374046e2e316050dc00878aa7ba7f1c3928053785e191ba9ef2aa3ff49ff7b4fa165f71414bd43d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
fb34da3a3fade96fcb346e3fa1ca1f88

SHA1
e79598416a9f0c33cc89ddf80b864756a9e54a56

SHA256
976b5c55e8690be1c77747744f2d48970265645c79047f505561f4c40834a1c5

SHA512
90def35b1bb6a0c405de6363e89b33229806eef6f5c5c055e49715bc3ae838cda845b2e27d924943fb908393aaa888c091bc932ec612fa9da1aaa6c7c7ac9570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0230556c201705835332dceb291c38b4

SHA1
f6dfdcd7d0dcc34d0f31d4cc77c29b2d587d6290

SHA256
6b3115487d45abf1da548fe59b1acd6b7436901c6457c529f3c14e9f6cfe4e27

SHA512
2e3fc980df076c6e59fc84619d6a8e7bd7391a77321c86b88f123255f526d0d5965126a5d815b87a7e1d6cf275bcfb1fb132f1a1f8dfe93909e909ceffe1135b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
80dd7ca48fb52199bda6e8c8d218c699

SHA1
f578a863c982bb4febc2b36278b3029b6eb2dd37

SHA256
ceb8df4c00f490bbe4ecc91aa7b1e0391ef900621bbc446f8fb7926e238478c8

SHA512
5c7c1c452324d8b8208c4729e85921c74d274ef7c52a252cd453d380066cae68537f78da822043691ed806840efea9c480a4ca3a0b36003235735f610f1714d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit