hxxps://app[.]propfuel[.]com/to/eyJlbnRpdHkiOiJjaGVja2luX25vdGlmaWNhdGlvbiIsImlkIjo2NzIxMzkyOSwibGluayI6Imh0dHBzOlwvXC9hcHAucHJvcGZ1ZWwuY29tXC9jaGVja2luXC9mZWE4OTYxMC02NzIxLTRmOGEtYjlkOC1iODc2NGEzOWMyNDRcL2NoZWNraW5fcXVlc3Rpb25cLzQyMjgzMzU2XC9jbGlja1wvVG04c0lHNXZkQ0IwYUdseklIbGxZWEl1In0/go

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.propfuel.com/to/eyJlbnRpdHkiOiJjaGVja2luX25vdGlmaWNhdGlvbiIsImlkIjo2NzIxMzkyOSwibGluayI6Imh0dHBzOlwvXC9hcHAucHJvcGZ1ZWwuY29tXC9jaGVja2luXC9mZWE4OTYxMC02NzIxLTRmOGEtYjlkOC1iODc2NGEzOWMyNDRcL2NoZWNraW5fcXVlc3Rpb25cLzQyMjgzMzU2XC9jbGlja1wvVG04c0lHNXZkQ0IwYUdseklIbGxZWEl1In0/go

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355568895787115"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4432	4924	chrome.exe	42
PID 4924 wrote to memory of 4432	4924	chrome.exe	42
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 4896	4924	chrome.exe	86
PID 4924 wrote to memory of 2428	4924	chrome.exe	85
PID 4924 wrote to memory of 2428	4924	chrome.exe	85
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87
PID 4924 wrote to memory of 1336	4924	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.propfuel.com/to/eyJlbnRpdHkiOiJjaGVja2luX25vdGlmaWNhdGlvbiIsImlkIjo2NzIxMzkyOSwibGluayI6Imh0dHBzOlwvXC9hcHAucHJvcGZ1ZWwuY29tXC9jaGVja2luXC9mZWE4OTYxMC02NzIxLTRmOGEtYjlkOC1iODc2NGEzOWMyNDRcL2NoZWNraW5fcXVlc3Rpb25cLzQyMjgzMzU2XC9jbGlja1wvVG04c0lHNXZkQ0IwYUdseklIbGxZWEl1In0/go
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc5169758,0x7fffc5169768,0x7fffc5169778
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=364 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 --field-trial-handle=1844,i,15710337399836421862,7230344384093574481,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eb21e23f3efae67639775d65f599f944

SHA1
095cc84f11b815155a60639a723e00ca940b161a

SHA256
5604e7bd0ef7afc4657b9097714785195a6059b050c52d45237a305d4ed0fc88

SHA512
6c7ce7c050b2aa01bfec31545abd780716198aee8a8e1fa04af8c32c28bb3dd060499708d2783335cc6dc2165cbe7c8631de45c450e1f559615386268f4c0bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3cd043503db4a52187d6d500a4e682d3

SHA1
5e7fc1c00557b51febb9ba4fa5821aca87d69914

SHA256
1572c07b7cbbd6510f5c436a0e8c30fd7fa04478ffad673fcea21e6464000f2b

SHA512
c46a21935bec1c6304228cf559f8440245e591b2474083b95022e323a56a64e5b047ffa2bd800fd617170524a774602b94d7fccc95e04f7ff0b9b6ce4fc951e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
7fbdcff20b1bb0579120e32d8392779b

SHA1
aecfb018b1d984bd00acd6c059cb1c28084433e6

SHA256
863930a470279a2cbd71d742ebcae27089b99016da9bbbea78c1ce2e0e06e392

SHA512
4242e44f3a517604bef4eafc83f7afa4b809eebc2c5e7de00cf2b23b9b6cdc6268d263ad797a9e002cd669e874000847eac6c503b9d8eef1c77b799dbd4d1574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df414f9c3a849e2752197e28b687c5ec

SHA1
4c17892499ebefbd757c2301ca18a7c9cefba36a

SHA256
a601352bfd8a3b2055973bb960801e3219a0ca722534e88622aa0afe70dfb0a9

SHA512
ee9ae0074ed0761efd0aaed746ed84d038382313d68a1463ed7ca7e9829c915f9bacb2a8fda887d318e849215d271a15c779ed67cda979089fd3007107bc35dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
418dee45888133d9694fced93468f2aa

SHA1
29f21e9b1cf999bd449e23407f6951827df8184c

SHA256
e252d885f4ac22ff3c2b0abc83e8471ae2bb13839507bee1c1b3cecae00bc756

SHA512
1edc476dfce7d82d4af6875a3b04fc9fa86199f4d5dd11e64e246702ff1dfe82a56ad64067dc8013c275a89e8dc249fbd2b7b74068ef10e693485750b14ca2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit