hxxp://www[.]adatergokil[.]com/de56fx239z5uv8V610edl86M504T25piDrrIrFDGaEiDvgfiD8sEIH46cd[.]9md5zYx105XA3ib/praises-climatology

Analysis

max time kernel
599s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.adatergokil.com/de56fx239z5uv8V610edl86M504T25piDrrIrFDGaEiDvgfiD8sEIH46cd.9md5zYx105XA3ib/praises-climatology

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358821903610998"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe
Token: SeShutdownPrivilege	636	chrome.exe
Token: SeCreatePagefilePrivilege	636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 4748	636	chrome.exe	63
PID 636 wrote to memory of 4748	636	chrome.exe	63
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 1868	636	chrome.exe	83
PID 636 wrote to memory of 3644	636	chrome.exe	84
PID 636 wrote to memory of 3644	636	chrome.exe	84
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85
PID 636 wrote to memory of 5112	636	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.adatergokil.com/de56fx239z5uv8V610edl86M504T25piDrrIrFDGaEiDvgfiD8sEIH46cd.9md5zYx105XA3ib/praises-climatology
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9a1e9758,0x7ffe9a1e9768,0x7ffe9a1e9778
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2780 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4856 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4896 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3708 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4776 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2512 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1800,i,12109938041627355574,14986619304699793515,131072 /prefetch:1
  2⤵
  PID:848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\78f7c08f-9628-4bc9-929a-25050d9dd83c.tmp

Filesize
6KB

MD5
b41dcaed04f802134892fce0d6aa75c1

SHA1
f28d701e3caed537412b4eee0c73c71b463b9412

SHA256
08d7ead96786f5090d1c6b39c577a055f787cb2878cb9a9e67a338d7a69936dd

SHA512
0c341482657dde14f547f76f2bcb480c328d774d44bd821b23be84df1e84f38dc05ede4b0e9ec5209d0e40c1d358c9ced2694d1016464340708241c436785529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
853B

MD5
43f351fe6c89e8c22a71a1c33915543d

SHA1
48408958329149cc7aeaed9a9db9dd82e4f69f67

SHA256
93d795cf5d87bfdef3ffc4c8d9a0b3e82bd56089b1ccec4d55ae11515cfe5501

SHA512
403b8db771d8db570524676e7cd22b2c688967e90c3c34cb35ac4250f87f4fa16a724e8b7564c997e451aa0643bba0c641de640dab71d5c95a0353892edd25a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
77f36d4c9008017c24dd3e7901ff2017

SHA1
c8cbc2a96a4eb158862938bc9a0af75474542060

SHA256
f8f374612fd87d925800c5740c80089a1fa8e679406331f66a477c888db4e567

SHA512
c3d014a0115ab2fc90c181d7daa9f8bd155ecf92551a54c9fa45346867810c02ddd0bed0d962fb8099a770bf3f95db5632cb1dd8fcc5999637d67ec725fb70a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
292d51b317684a3fd1e0e4d811651faf

SHA1
833adc1dd6910560e68c29b8d0ce30a0f35370e5

SHA256
a9587e614f970c63461587c8c4344a345dd2d87c9bf41e78897fc4cd65f05af2

SHA512
877c9c1c4995cf86b0e154ef2ce898ded453f93e59cd0c7cf04301bf302d5798da1c2c6218117327e661fdbb793573d60cd126ae807eebea03cb490faf8bae35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
48548437e5b7f2e2ec51d4dd1f3e2906

SHA1
c8ff5e4efc061bab604244d6288c125a92e4738e

SHA256
ccf2d0eaca3a7e5a67eb6054cbd7d2d7c6d55e6b7f1a08ccfec0f29a927cf6bb

SHA512
3b2aeeb7c8a2925d0114a25deae74a07235c0e3b0254249ce7efe106921cdeafd5d1f5e1d6c5043ae7519835d3235cf7fc91238d4375ef7fd542e3318fd97610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit