hxxp://img3[.]tapimg[.]com[.]s[.]galileo[.]jcloud-cdn[.]com

Analysis

max time kernel
152s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://img3.tapimg.com.s.galileo.jcloud-cdn.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355555278390219"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4296	4952	chrome.exe	86
PID 4952 wrote to memory of 4296	4952	chrome.exe	86
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 3136	4952	chrome.exe	88
PID 4952 wrote to memory of 2976	4952	chrome.exe	89
PID 4952 wrote to memory of 2976	4952	chrome.exe	89
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90
PID 4952 wrote to memory of 848	4952	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://img3.tapimg.com.s.galileo.jcloud-cdn.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbeb09758,0x7ffcbeb09768,0x7ffcbeb09778
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3672 --field-trial-handle=1864,i,4543609833965597135,476932257257893906,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1f4dd69a0f83eea136edc90d587d6b75

SHA1
3e82ae5418d1d4bfcbed742f564413830bc73d2f

SHA256
4e2ddc0568a6f7300e64e1e4c16b2c3cb387f8f42ff1db1013a7a81aba472996

SHA512
c9763645001bb806d1f26879b77ab1654bd6ad9c3602ae4c98ddb1b09753a4d7da8e9b9495a26d4f433ec2a557158fd332355b2bfa53132cbf6f462ba0bd8503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
836B

MD5
30adc9420aa4444e3346b509808bb060

SHA1
21f1cb25446f3da73a45c20bf33fb0d36a1451f3

SHA256
5ef6084d5ba81beac3172484e80f47697cc4b866d392b3d14413f01aa4c0407b

SHA512
546721f5fe8ca31cf293f58f3de03dc83e1d59c29af2ab73a2524dd1b8f2d392ad4e05e58baddf7600b75265e183219f8e6491b8f58661834711d1230f14ae67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
78da1a9c1d98913a6a7fc695ab287c97

SHA1
6d5b045c87aa084dd91225d7ee980296976086e3

SHA256
0e62a53c9431e76c1f7c191a69170ad808027956adc656e2bfe659ac8e2a12ab

SHA512
e1d69a1685c349c2ba203c2b536ceb2f05ee5a53932e4984de07c4d1c9de1063367bb6d1d22eb26077e61655bda44240888012ed0ab9e9d1bf193ffe625fe067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe8e4415bee957137e465789105477bc

SHA1
8ce3cffd6f0a6bdb63f33c9e9be2a0488ffaf0a8

SHA256
2180ed4d4f0c0a500182060afdf858690388c4113f1d0c4d6107cd3c129ce353

SHA512
eaec4914a99393136064f14ce347b368251b061fc8ef1cef287966d84fa72deda1536e986ca7ed1bc8c1d31b48ebd460b66e64fbc98e4546ad05e106378a34fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8e394f4c551e16e4aed995b06dc10c2

SHA1
ed2759649a193c8e1ce0550c2f9631158e03900b

SHA256
4753168c28ee625dc10af975b95fe65a98d189ce31e9fe8ff7cb2696546613a7

SHA512
de39c465ef24f0a8e75b4887e80ada4d0837a27c67b1756a34682edeb166fcb0c454f4255b36b495160172b418837beaa961c56cea21a61e07d07d9ff87b5c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db902eab6b4b9720ea6dc98157d8d176

SHA1
82d7e59b72b0658d992ffdee9213aa3836d5dbd2

SHA256
40754a2b74ed15856a2b0f264eb84436af062e1863ed762c17f27f2a9f52e8be

SHA512
d2ff7e1486e2766e7e3799919b29405eeda10ad2900dfe403a983123f5867a26d8e44b3d84084d17d1edf04c2ab51d910c44ee5e7e4c71eb5b91796fa1208a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3ba352d229a40951fed12f25653fde4c

SHA1
2fab936600165f4a84c20e8ef9f6fbf08bd64af7

SHA256
7c15a02f88c93a13e212e863c58aeeee350b547b36a0040d7cb47724ad25426e

SHA512
02e9e979f62fbe735fed5e25e9a4f0057ef868b171e4d80bd2cb6d3a2b54d98220e27143c7851844ef46c720435c10da0ea2697ba860544834a629128a729312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit