hxxps://shop[.]awesomatix[.]com/auth

max time kernel
1187s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shop.awesomatix.com/auth

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354776887023310"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1080	2968	chrome.exe	85
PID 2968 wrote to memory of 1080	2968	chrome.exe	85
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 3384	2968	chrome.exe	87
PID 2968 wrote to memory of 1336	2968	chrome.exe	89
PID 2968 wrote to memory of 1336	2968	chrome.exe	89
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88
PID 2968 wrote to memory of 2000	2968	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ca79758,0x7ff93ca79768,0x7ff93ca79778
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 --field-trial-handle=1864,i,12307959315756281297,1151142475404141477,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\103c4196-d28a-464f-96b5-1684bfdf501f.tmp

Filesize
87KB

MD5
61f43a428537bb65db254bf9f555bc8d

SHA1
578bf272648462296e0e7b3ecb695ffa4fc707e2

SHA256
48eb6c448bf7008610e8dce24053695a6dea54f8eecbc44ae0c6965b70b24eea

SHA512
b60a3c4e92a5748073e6edf679357ff59e03b56d589c08d649239e70c9470b3a322155a3c6a876c22cf3766ad565a2b5ce44675ebcf3b80c5b422b0869db8391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5245bef11e0b91c6fb7b4cfdd426e594

SHA1
e038f661f7e1f204f02d680ee15401e8065f5a36

SHA256
99b695e93c9b06545c97dd4555b9dd7ba5587ea3eed3278a40b014ae8cd6f9ba

SHA512
b13565dd2e8387a08566a43344a66672212fefebf49c3efa80e9e58e43b1cf2ef072c6939bc6b756872519b8d412eb359f1f954441e9c0b09c161aa861f571ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6627121f44ad7b26ff4958c21cf93e9d

SHA1
9ffb5c96334ae70b656b0a77d4b4d5877d050780

SHA256
cc645191e08c7fc737e6b8b27916e8fac0c972fbe55b0c9148aff977d9954cb0

SHA512
04672cbe513f36f509b686fa2f37c894c8f4477babf356b2203233023495d689e804606bf6fabe0d8d34d611b6dee43e0a816fa5188c7365fb74e1d6edbc81f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ebd2fd0054bea5fc94e802d571b73415

SHA1
0cf7b6c94b53d03323595465e16e2e263e7b056b

SHA256
6c5e9580722a68749e547694ca2be5ba49f9261860bd72bfc4cc37d9729b4306

SHA512
0986251af951820805f14b23388bcba3cacdd183c15ad9a9d04ad95144a63fb1de29d90d83d0888e3b3dd90d007565c5824e04850089bcea75a73fc2652265ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf188f159badb174cdac282d6766182c

SHA1
3c5db90542bfaae821b2c3eb2110a4decc1b89f1

SHA256
ea45ef2546b2a670795be1ac5d7372c0331528bfd9f9d34c9b482a1b3611ada4

SHA512
27c1b9b6fec3d6638017f59a46aedd73a6d73091edb701d6bfdd1b67a84d11c3023d3ada1f25f80523e735af798df48dc0897b3cf335bdda0a79dbb24766f0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit