hxxp://www[.]scottcross[.]co[.]uk/

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.scottcross.co.uk/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358991728421781"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2672	3020	chrome.exe	81
PID 3020 wrote to memory of 2672	3020	chrome.exe	81
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 3936	3020	chrome.exe	83
PID 3020 wrote to memory of 4112	3020	chrome.exe	85
PID 3020 wrote to memory of 4112	3020	chrome.exe	85
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84
PID 3020 wrote to memory of 4268	3020	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.scottcross.co.uk/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfff89758,0x7ffcfff89768,0x7ffcfff89778
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2568 --field-trial-handle=1860,i,12099338687295703632,9016340374953645055,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a424b7ded362847962fabbce2d3ce214

SHA1
e889c86d7255c2e40eb6e3ac684bc2882bdb3076

SHA256
6d2f3225bdace0ab35e6818589241825a89238b8b2dc748da56482a2ef0862fc

SHA512
8954d706cbcf0865eb58c7d95f91eb310822aed5b6b26c79ba31911af52e82c0794ea3e1b3bbb5beac1fec94ba395872428d8d8f63743a2ccb9edb6381e7a0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
208dfcf29256562ec52b371444dc96cd

SHA1
87e00f5efd7770e88be0c7656caf88dcb43c4b02

SHA256
f7d1a511032ea8d617930b94ceb7926e80d595ad11d1b033e15b37324adc8057

SHA512
a2e3eb5d6e55df16e2b37e713a6ee21526ce15b0ba852cda21c677002981b79bc4f341b70ed5fc5da92c6337c784687da5767107e34e28c6ce3c37fe57af488b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
846B

MD5
5c94e0b0e47c27d15f3920e69c6dc444

SHA1
64afa20c9ae724f593d3c16f98a517e355e82a9e

SHA256
895de89ccc8d218aaa1072eaf18b659fb6bd1da85280d77a66af9d8b1bbbec3a

SHA512
4cf2dc707d5472c1951d46e2d868ba7d1f61704520ac0e62103f6106e52f4c500b016d183a4ccc6ad7a0efb203ab22fa1fb05e1ba8a67649ad864da3bec23513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
a36ebc89ac740c9a8d3e29865b7ef400

SHA1
17426e4c7037ce5b877f490ea75cd0c1872abcc8

SHA256
aa3f22cce63b625a9e5a630b64e4161ca12a04ce39490d2b9757fe084f439d08

SHA512
4a314a6bd9ff92eb82b0057558fd5ce8937a556f7c1e0f7547182306f6cdccba90b50422ec38cc62ce0a26eadcd178dca1396614a03b788f01653d6010513eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ece17251b800f15b846dc46674a5dd0

SHA1
5568d0e60583585be678695fb67c5022f897ea6e

SHA256
2b9569292ee209ee98f0bfb2383e8b958db4cf4e44b009f1b91019b38798590c

SHA512
2fca94f17532519657312b86028af33500b31a693f56f4d140ba40b5b847146a5138e9d0c2c61c4f06eab7adb1d24fc82a2d1b377304583ef4cf9874fbe94c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
95be97044f907c6d83b08b2b16e14112

SHA1
16b04f0787600a6ede70d9e4967c759513344245

SHA256
0e8f48b403b754d8549ba68ecb3655809316edb56c015090b75a7a1b9577c785

SHA512
c0b67a31ce67f5a5d3376ef9c64e5130d81b1efff4b176e306bbd37ac66a9936d11e9eaa5f93f5bc8f8bb6cedcf3f76fbb281212c78629d56aaab7f6b59cd80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4d5f8a6d5117c642a6fb881c2cd7697

SHA1
51fa336b132e75e6e5caad8b38b6679c90e50f59

SHA256
f89949663df41d219975390947cb1d38c652309038306aacd57795587037f9ca

SHA512
b1bd6190e5018e14441ad643e17a1369dee2a7257aabefaa520a1b82bf06ef5661de33ae24d495bcb6983e1cc1695cce710dd35798f17c3dceb7edf6d2a4c28a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ca22cbce11651dc7bccd5d8c6628de98

SHA1
feb3d56f2d3cd756dfb542fd838bf63c3b9bd137

SHA256
3a169628e66a1009379c2fb5703d4899c7e1714bc9b3e8d01138265f1d3276bd

SHA512
419d45e51fff2e9efa0f416ac6fb4418e319de4428bde469d56cbab9ba10d7138e5afc80d3b7bf35954eca0f345f70370744e6c7601bd16e64d64a6e5b456cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
50993ff762e21d690c4eb7a3b5e8e2ed

SHA1
fd2f95134e22429c88278ecfe9fb40f0fc4603f5

SHA256
9afb4b433ee560e18836cded1820a04fa03a7a7a2a47488c23e077edbb0dab4d

SHA512
afd72f3ea7a77c01e7ee11ca2f7760bfd63d58d2108d0544ea293745febe07b348b3e776b6cfcb6d5fb6a28f8c0ee6579704c445e7320d2e3d82ec1099f927d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit