hxxp://rennicks[.]ie

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://rennicks.ie

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133356397344453371"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3852	4976	chrome.exe	86
PID 4976 wrote to memory of 3852	4976	chrome.exe	86
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 4804	4976	chrome.exe	89
PID 4976 wrote to memory of 3316	4976	chrome.exe	90
PID 4976 wrote to memory of 3316	4976	chrome.exe	90
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91
PID 4976 wrote to memory of 1352	4976	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rennicks.ie
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8de639758,0x7ff8de639768,0x7ff8de639778
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3872 --field-trial-handle=1780,i,310093710864838601,6060826026130023297,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
95f0c0998a51bde42a9e87cd16a209dd

SHA1
767858539fb57e218d4b1b99ee777f144e3c7c57

SHA256
920b96f48020431287bd106aa1c6915ef9bef85c884845890ae51c0bb136dea9

SHA512
335217d4e120d9921151feca6704efa2c73ec0b29ef0a4ea97106784b25448d33d3f67c2670c23420885aedaa2d8fccb540568efe5cf9bb511f0ca19297d42c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea1d9280b0424a794851f7054cb7996d

SHA1
1ca06339d9e798ced5eb02f69d25fe43ebebdd51

SHA256
9923ebce3ccd0d1a72200f42ccb8ea9238fd1f362d654cbc2372c9565d14f503

SHA512
f1d07d0016c338a6ba8185dc66fb958758e21433de44ffd67e203626138ef00bd2edcab524b13c810f5e309456d4b014f9dac1399181605b61334aa20302ded3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80d9aabd492ae01a245bd4bb905d939a

SHA1
128ab2077d583879b440c5fb158fc1ec0d833708

SHA256
297e7e0712d35e096716e189a49014c8b14af6d507589ed16f65f8686a2f1cc9

SHA512
1b667edcefbbaf58ad07130778ac201e2d9ee6b9abeead8054f1e0eef5512262ce9d5ca2ea287a968283106c792863952cd1f936563f2e70e269075a064d43be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97f31d3ac74a8c97e9f8c92ddd0e3026

SHA1
14da958fbfb01834980872558834b45aa2eab998

SHA256
c62c930e0892325ee8919a6d474c3e0d828ec1b1b5abb62f267a18fc4f2b2c8f

SHA512
64616800eca24aa215aff8614f65bf035c2b1f77e4b81edb918052a2b87b9372a2446780676ca90166a5f5fdb70deaf140df60896560a522ebf73d7f802e2145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e805f5d9530721d140dc6922272e8ccd

SHA1
3c0089f41b6427d252011d22b04600bdd451999a

SHA256
042ea05184297eb7f25524bd1372ae340387814d1650861ab7b0a745e3374c1c

SHA512
312e10ecd43f01b3e57791885a0dcea78acf2ea446ba1472b671e7d188db59bd1d13e2874b0baedf388a04ef2a419484da809dba76d0d04a477add3c970ee8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit