hxxps://linkedin[.]com/slink?code=gqeJA534[//]aqsa0m[//][//]#YW1pZ25hbmlAZmlvcnVjY2lmb29kLml0

Resubmissions

03/08/2023, 10:52

230803-myjj3sch68 8

03/08/2023, 10:46

230803-mvag1ach56 8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkedin.com/slink?code=gqeJA534//aqsa0m////#YW1pZ25hbmlAZmlvcnVjY2lmb29kLml0

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355332147979876"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
652	chrome.exe
652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4496	4844	chrome.exe	29
PID 4844 wrote to memory of 4496	4844	chrome.exe	29
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1968	4844	chrome.exe	88
PID 4844 wrote to memory of 1844	4844	chrome.exe	89
PID 4844 wrote to memory of 1844	4844	chrome.exe	89
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90
PID 4844 wrote to memory of 4668	4844	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://linkedin.com/slink?code=gqeJA534//aqsa0m////#YW1pZ25hbmlAZmlvcnVjY2lmb29kLml0
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f3e9758,0x7ffb7f3e9768,0x7ffb7f3e9778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3868 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4496 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5248 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1912,i,8121251639064983529,8457423968233222997,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ae9879038090d62a00069e0a333ff875

SHA1
de51f7c7f24de71c51cd8f95e222f90143e62f32

SHA256
ffd6953a98a9491439e3d70dc55bf94a3db6e203b4b74f650128607932a7dc55

SHA512
52953560f0014f37afd1793e05310f21fad2ccc30f38e694ef61292e6bca05a846411944b089e9d96b1b69c89b086e15a1b7102c319258786912f0eef057a100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b474c4becf09084365d83d7a8701e175

SHA1
8cb048a148d574856f9816f41ee96b15d2eb3900

SHA256
2a0a0b0dbee2aa72ba6a9851ae8a03c45b5e52d6700eb116d198c9813fbcef31

SHA512
17d6b48e818b7b16d46e7b3a176a29f3df93b2a69c23033d958da617d3bbb06938004e433c89b586f46b958054bc88b389521ea0388460e519f0577e1c725a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fc8bce84-de17-4d5f-8189-18bf393cfc9a.tmp

Filesize
706B

MD5
8faecb729fb9d27cbf904bc79637bf60

SHA1
f3d2cd3bd05bbc47cf77985c2b5fd65f8322a2ef

SHA256
7cbe1f558a36919a2aa23c0089501b037e2cc5dc9061c3aca1f7b689839ad960

SHA512
6d033430ea80bea017e73a26830fc8fc18b779f6460365a3758ac8d97d0300273394bfa71a38040277791aedbbfa2729bd268299f813faf59df68c94af84bba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2c33e78cd8553d436ef49b56694e5f45

SHA1
31ad8c498b6a8f7e539d319897def2ce74b5a95c

SHA256
31e494f7c9565abde6d5ae261c3dbcf6a66dd5e52b0b508a02da97e37014abf7

SHA512
7842e4110aca78b3c1a8f0f316a97e3814cf4c700896094404025bf8537fd26dd941fe3fc41aa80573bbca4552ae8855b7c9115d2047ab999d368cadd7e39326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ac7df872bb4de9b5951c57c1a3845b1

SHA1
feaf34a6ce66dcee5f3725762201e998f1a94da2

SHA256
042a64d7f1631288b78a9a426917e95c70b7318f7c58dffd1f585c50150de882

SHA512
e60ef63800711a299116a7814156ad80b2a3b7646dc62a7d7acfea60f614c5123d75abc2c3829a1f6100c41d2ad3efc900e01973d6a1092a6ef7a86ec5674b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4205951c4ea9abf30ec836c7d3269294

SHA1
00ba5d11ab72cb6ee4b42f091e398bf8960fe698

SHA256
5902330da22d6855a2bcb2afc54adb8967e0afd0b1fe355c50dc30d8f0fdc663

SHA512
4563f4de6c8713f333d14b358f3387e806df94371e487e7625502b6248a5e5b3ba555c87b798da222b8856faab0dc87cbb37ae9dd9ecd61dcd6f420a26de3921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit