hxxp://info[.]pdmneptec[.]com/IiuocJWKCC[.]aeqir

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2023, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://info.pdmneptec.com/IiuocJWKCC.aeqir

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133353685206547821"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2040	chrome.exe
2040	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3904	2040	chrome.exe	85
PID 2040 wrote to memory of 3904	2040	chrome.exe	85
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 3336	2040	chrome.exe	88
PID 2040 wrote to memory of 1632	2040	chrome.exe	87
PID 2040 wrote to memory of 1632	2040	chrome.exe	87
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89
PID 2040 wrote to memory of 2080	2040	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://info.pdmneptec.com/IiuocJWKCC.aeqir
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeeb529758,0x7ffeeb529768,0x7ffeeb529778
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4592 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 --field-trial-handle=1908,i,11790108689388668051,17512175389138560752,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9e1201526711d22798f8a2f9a523a7d3

SHA1
7a6a40b9c47f0a3e719a7858ed17cd67b02b984e

SHA256
0b65782854ec543e309a1b58c3379d5d4fb1f9e4b37343dced13ab6f94c12ed0

SHA512
c617644321ab6bc662d279d772a05eecd80579feb8194f58dbdd46d0714f756979221f0db8a44ef4e65c596dc0f33d8ba6a389a95e3afc64f23a6778be874f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e7508940cc9e3289dc4b89b6c3cab824

SHA1
9144406f10f4626e8c2ed77484a2bf73a4375293

SHA256
5c72f0b9ba8b245e2a4607cce8955b26fa7013e7e13e32ddbe90f2895ce7859d

SHA512
56f0d14134b379f17516e18efc68bae729609223b08e3c03d5bbc87c792f1bd597e97ed0e201912d7477003e85079e01f56b92f2b159a56e6a81a5b5763deece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ab148f5006a94295b478d3ac343164a0

SHA1
5ea213c8fb32269a8c24604bd4af2073e201b380

SHA256
06a5eb9fb21bc19f113b0545d047d1fbae6000c7063cb27019bf3b36021a1a03

SHA512
34a407a9f00c0dd5bc393d7cd3b93c5a28ff6072e92f9b48bb21f493e23ab2e44c6b46688856cab7ade48768689f7148e940f375428f40160294338d62fcb7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
228e2489448ff4a1aa2928e3d7960c7e

SHA1
fd88adf3af8451a1d72f58bad51ce9c603d404ae

SHA256
1907da5e6efbbd60856e9be9f24f30de3608eb2b406c8b931b1b3e43d2c6301f

SHA512
5e3fed834c6a19f4e497e4f9c109956ac217f45378bb78a578d91eb36f177c8ff94fd2ef001f5b033f8c56f7839276999c0a83583f280e72142f9f8e7a6fe4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3914426ed5425ffb103e511cbbe7d60f

SHA1
30e7b25bc28a98674602c5b2d516c4b73291ad3f

SHA256
36651f352a6f950a2580fcba52f3f41173d0aa5aab002bd00dc61c43162116dc

SHA512
4375f0c9fabfc15328470dee465f2b12004858c7ca154b7eb38387c9e135652d770ff2f3b5af23c94fff0c4d8f28e9104f7fee23c4af50c45360717f44c821d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b5e0b33edaaebbad83cf1eaf85bc09c3

SHA1
da06455d9986d3f3fd23eac43bda0253a4dce0e1

SHA256
87370341393fe58f23b39f7ad7f6457d18b437718dba0485da10c8dbfa43a96e

SHA512
d12725584c5790c175033bbc3f45cdfcced646c713ed9d2f56d02109bdef837b847e77588005ead93b57d04dc10026991cbe02249c5e57908fa58c61303bcc26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit