hxxps://radio[.]garden/

Analysis

max time kernel
27s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2023 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://radio.garden/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133357501883292788"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4524	4900	chrome.exe	82
PID 4900 wrote to memory of 4524	4900	chrome.exe	82
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 3424	4900	chrome.exe	85
PID 4900 wrote to memory of 2080	4900	chrome.exe	86
PID 4900 wrote to memory of 2080	4900	chrome.exe	86
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87
PID 4900 wrote to memory of 3496	4900	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://radio.garden/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be6b9758,0x7ff8be6b9768,0x7ff8be6b9778
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5176 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3688 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1896,i,10890130703423874434,7612747018932632024,131072 /prefetch:8
  2⤵
  PID:4876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_radio.garden_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65837be9610fc8ad4658d9658253ace0

SHA1
af044ce187152fb5f47b64ac6f851a0fe46ecaf2

SHA256
93919265648dc39fe7bd6f98e005a6f8ec08616d3ab0bda9c151b2d3e69cd8b1

SHA512
0efcaaef7a92cc51858b47acc3349017d16b3a4f0e509a2554ab675d656659b6853a2fa92c72fb3d8947e395c2ba5664cb248d4c48922116c02ae910599af1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a765f1c4671e44ba654b696989f7f764

SHA1
aa3b7fff05a0de52b19c062d841d6fe420061b0b

SHA256
f8f21c2e95e31be6116412990dead0b113c51d13276d6bb526770fe93e8d7dcc

SHA512
4cea8a9a4d85979a3da7d76f460a0b2fb7867ae76f802d87c26d231d61ebd81a566f76667974ae9a963311689b56c9508d5afe96e8688ea5d30bd2a9a26f8a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit