hxxps://shop[.]awesomatix[.]com/auth

max time kernel
8s
max time network
65s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
06/08/2023, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shop.awesomatix.com/auth

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2600	2596	chrome.exe	28
PID 2596 wrote to memory of 2600	2596	chrome.exe	28
PID 2596 wrote to memory of 2600	2596	chrome.exe	28
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2412	2596	chrome.exe	30
PID 2596 wrote to memory of 2812	2596	chrome.exe	31
PID 2596 wrote to memory of 2812	2596	chrome.exe	31
PID 2596 wrote to memory of 2812	2596	chrome.exe	31
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32
PID 2596 wrote to memory of 2820	2596	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c29758,0x7fef6c29768,0x7fef6c29778
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:1
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3580 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3780 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4000 --field-trial-handle=1220,i,9524366312901707915,10363190000410111535,131072 /prefetch:8
  2⤵
  PID:1568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:752

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2684

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
"C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"
1⤵
PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ed9bb2643e6050804876f309a96cb66

SHA1
1095dbf804f6b35b6fcd83e3a71dc2d4fc76f394

SHA256
f591e6dae4b0b60ad0e9f1e746dcfbbcc09ca6415a90b71df1da85916d49b23c

SHA512
4794298c787245a93280e34093506309f4247c443a33871331bcec24d4325231b2bc789589863155416aec9c8e29755c7c529163d2a1daef09dd1bdb4c48dfe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
df7e7446466762e693ecc90662e1a0dc

SHA1
7d628983bba1a17a4e32c0567a02c7e4ea3c9c85

SHA256
b6be2ea7d6639409f855025311ef4c0de39f11cf6b4f6bd7ef8a34dab59219b5

SHA512
2acf471919f7b1a831dd74c54b4623d46f444a7b09a06e744929e9cb216ddfb718dc66ebd5c170f7e8b0c1c786dc79d3eda5d2db9106f8b11ce68f3b0579c14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
58d717262819d3a28ca051f9576414fc

SHA1
4f3576c53e87ee7fe23178374da08cf420b60d97

SHA256
f6fed609990a43aa8b9bc34e61322abea1f6b0cf4e83bfe6cf256d0f205fa5c4

SHA512
4d0e8339ba26566550f316d68f0cd59dd54b14df0995952e80ca9e6b7328ad9f06ee04d78eb2571ac2c7b27560680dac293cdeed9a60a008a7530dccd21ca598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1d609b9d1e45a7705cbe7cde1e57c479

SHA1
c6896f080df8866e28b504c8a4a313f0107699fa

SHA256
f99ea07b75ea7388e3ae1042586cfb76b02fe6352615e70c4801cfa4228a7be8

SHA512
46319b3995b6291f64eb3de7eb301bc9be4517bb6fa8ccdc5606210e34e45e4f5348907a4b4090c3ed7d5c3c17cb6cd68116529e2c00dac7b2a55d7b393c2151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
ac73c5671dae6030916c9ce5a4e17e01

SHA1
f0e2fbc0c73e074ec6ed92d1d924ad61876cf2da

SHA256
44cd8c676f2e931af2b5003b632ad14694341bb698cba7acc2415dcf12e41ecf

SHA512
48e9b696db31ba8d11360652fcd0c7c4eb69a2f22fa77a66dd31bf565d3835359e92523be1e95c0d1c223695e5aa113c6bc580fafae893169d1c09dfb57617d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7CA1.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7D30.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/2560-225-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-246-0x0000000001D10000-0x0000000001D11000-memory.dmp

Filesize
4KB

Download
memory/2560-226-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-224-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-228-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-229-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-231-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-230-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-223-0x0000000001D10000-0x0000000001D11000-memory.dmp

Filesize
4KB

Download
memory/2560-227-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-247-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-249-0x0000000001D20000-0x0000000001D2A000-memory.dmp

Filesize
40KB

Download
memory/2560-250-0x000007FEF2A40000-0x000007FEF2B71000-memory.dmp

Filesize
1.2MB

Download
memory/2560-251-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-252-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-253-0x0000000001FA0000-0x0000000001FAA000-memory.dmp

Filesize
40KB

Download
memory/2560-254-0x000007FEF2A40000-0x000007FEF2B71000-memory.dmp

Filesize
1.2MB

Download