hxxps://www[.]linkedin[.]com/slink?code=gm-zcPdW#cnVhbi51eXNAcGxhaW5zbWlkc3RyZWFtLmNvbQ==

Resubmissions

03-08-2023 17:39

230803-v8nwjsgc6w 8

03-08-2023 17:02

230803-vj468sga2y 8

03-08-2023 16:59

230803-vhlcqsef82 8

Analysis

max time kernel
60s
max time network
61s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
03-08-2023 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/slink?code=gm-zcPdW#cnVhbi51eXNAcGxhaW5zbWlkc3RyZWFtLmNvbQ==

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355557448503076"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2420	3332	chrome.exe	70
PID 3332 wrote to memory of 2420	3332	chrome.exe	70
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 2540	3332	chrome.exe	73
PID 3332 wrote to memory of 3352	3332	chrome.exe	72
PID 3332 wrote to memory of 3352	3332	chrome.exe	72
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74
PID 3332 wrote to memory of 3004	3332	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.linkedin.com/slink?code=gm-zcPdW#cnVhbi51eXNAcGxhaW5zbWlkc3RyZWFtLmNvbQ==
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff953239758,0x7ff953239768,0x7ff953239778
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3788 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1772,i,18292874053856531705,7327308814956239688,131072 /prefetch:8
  2⤵
  PID:3784

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3276675d22c6540be534d76d31961509

SHA1
aa51cb4d928e05f287b471bb74645ef5bcc6fd3d

SHA256
29c72288bf4536324572a2d91bbdcdd4af1164d507c81c529cee54877f55483e

SHA512
e913b268ef580911eb456504799ac4fa844881a0c93f55a61b1034e10e04ab729b22fa53abd51fbd9f3e4a518bfcd8eb12fc0d3942c316b53f7b8914d6ce86bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
1f47f446f3b20853b623cc7e922a8e16

SHA1
9372364127819a88c988f962dbbc784c8c647157

SHA256
32a17f836874c5bc3adcceecacaaf3b81337822a3dd9b9965faca8529c638f7e

SHA512
f998f0eca06c795226c482ac51ff0aa69b6ad07ac8b39f25cd5516c0890f6e262b8f8d53ad60c965f7f3725c2172628a16794b052ab5d913481ba5423c40fa9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9aa0ecf4d557d55d271007134284e57

SHA1
c34e325e4502b40040582666b0cc39478a077b12

SHA256
fd42834f2b1bdaa41e20d52a8e32071a866426325bbfe8ef6d58b36e707a6421

SHA512
7e0a0f483bf24b2d54e0638a1e96dd3c7d13b77ad0deb57b0970b8ef6b3ee5a8bb2712a66c24edf5d822f784ac4abc77fb5d2c5eceb4ca6cb57ed777afc92a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00bef775072b023f8932ab005a1f6dcd

SHA1
8886701a9f3ca9eac1e514aa84f686306eb4213f

SHA256
120d39445283347aab43834ae840de729a9e67f7dfa8c1017c554719f94d5a02

SHA512
5efda5b2616363a29454c1a32909ee33f29c6af1133ccd34b8e031a6e67ca737117140268b97c1db0f0dbe1386c66daeabc4caa250b60a8746b2dc3f01e1e4ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b6cb31d8af01186b2ca60b78fb667034

SHA1
90922b9cabe67a2a6c72d976fcb4c8e7922f9a21

SHA256
7971fa6c9860a65af1bdb78e4ee832331b1b25b387502e560624796346e1e71e

SHA512
ae2761d7312049386e16d35df2d15700f774603cda78b8ea9a72a38878fd1e79fa60eeac32154d0e40b21e0b84e245b25be0e1bc09504295e5184a758eea2c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit