hxxps://clt1332995[.]benchurl[.]com/c/l?u=FEF721E&e=16ABBB2&c=145703&t=0&seq=1

Analysis

max time kernel
134s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
07-08-2023 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://clt1332995.benchurl.com/c/l?u=FEF721E&e=16ABBB2&c=145703&t=0&seq=1

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359031790795735"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 1604	4220	chrome.exe	82
PID 4220 wrote to memory of 1604	4220	chrome.exe	82
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 2764	4220	chrome.exe	84
PID 4220 wrote to memory of 4204	4220	chrome.exe	85
PID 4220 wrote to memory of 4204	4220	chrome.exe	85
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86
PID 4220 wrote to memory of 3920	4220	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clt1332995.benchurl.com/c/l?u=FEF721E&e=16ABBB2&c=145703&t=0&seq=1
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff162e9758,0x7fff162e9768,0x7fff162e9778
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1900,i,3347682902937261393,16131212991113807493,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
6eea3c95dcdb199646bcd5d4e164700e

SHA1
07f6bae2c14708f3648f3471169826daf5f497f3

SHA256
3d09c26ea5b8e530b051a9ba859c35e12c5c5ea07a5a5a78cf38b5841bd23e91

SHA512
744d3e7583c702b4ce7f7b6ab3c6130f9cf4d3a72b516329a2ac71948ce887d91f7535fcf86ac6132b61814d2b5d3ace0859bb91e348bc386b206240b2fd2a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bf674d674167f40b49d163b4938ae8ce

SHA1
58790b0c35f26ba639147fc267d4589999f09fcd

SHA256
56b6a2534be77ed719bf73194493f9a18b18645db166c261a7fe814abebcd73f

SHA512
55d13f7333f35e418ca48b6162debfae3d759d5d4f40883a02b99d7ebbe52aa4ad97c1fbfb76cae471e92bde39562d6fe7e7745542c6d824786c506b62b49cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
de1a094c82a7fe8f5d9926c25d03a68f

SHA1
a7c95d6f04c61947c7c264abb7f7fb9225534ba3

SHA256
e17d7f406367a4e22ebd1c09097ee4337e462dcc5ea27f19b841514e2d3ebb25

SHA512
998c9c7f51c2a651fb1e79c37cc1d754096d236580bd9d33a868d88ad1ad3bd94bf47f212dc6f16a93916dcb75e0d42423ad6643dd7b53d9ae68cf543e190d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
962821d108abee05ccffde818bc793a5

SHA1
deb607e10b243dfd3e8a1b7ee951dce52d588cee

SHA256
052950e8c8704750c75f576fadb6406101e2c40cfbee45f0c8224c188f50ab08

SHA512
7b400c9e0cd000b6aa669846505d7142ad780eeca9aab34477c5bb0409f8f9bee6f433f83806888556092499cdd9291410c02c7ddf642d1141f7bf8f9f9b67e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ffade619abb02c3b025b8a5852e2e42a

SHA1
7133728a028a1f9121a19f476700200078d13dde

SHA256
6c704e5c76ea2e8af6b185bf83b5a8ba21ee26c3ad6e7f2913e73565e04ad448

SHA512
6e9821835e3625eff1e6b318e06584499d2ef3d2d19e91a3db39593cc5d2ff21efffc7449bb1c013d285dfd4b8059c5fca049c7d3f701a7d7ec81da33f5da69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
9276fe69e910fcc9d8e56a113d0c5cbd

SHA1
6e8e7e09085ae0ba8011b8a2a9889bb983198898

SHA256
a82a86e9789ede0811f9148c1c0f0dc93b15d48d737e3fd5aba5208767848ce8

SHA512
b1e95611e2aff24e709ceb85fc349a89d591223559efbf8484439174b6f9113cbca9327b85a2f075729188ff35c3ea6b1738beae279051676eee25988cd2fcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
df4593936b5a77b042d3f516c9ba5874

SHA1
586897ebe5d4e3245c72f9dd84fe9a8deee017f8

SHA256
71f27ec0512e14730b0e7fd7ee99b4ecb4865e47476f387e38a05ddb1a9513b2

SHA512
5d5ad4bede4594c085bc7c475ab7e812ee2f856d1e848f9d793d1f5dc727161084649db015f5e834a4a181785f42bfce1d13889e298ce9b8826ce18e0f5fc1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa24a7bd814ed22f103bafb00901564d

SHA1
90ee491522a4dcacbf9c6b2ce761a8f494efc53c

SHA256
9e997f071396350e8654391352b66f90fd9bf545ca30732c2b85455d7577780d

SHA512
b358a3eccb0952898508de5c1fe6bca848d17a169a4ce81a361a63d151739704764d4f733c183bb8839b2adb8dbe37e95300370a330981a2b38c14d4bd8b0865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b3a24179370a110d0e373ff98c529a05

SHA1
bc2e486a7a2258dd8332d7dc2e08ebe4743590dd

SHA256
c14c8cd3efa7475c7749b7c71acab9cea475ef985926e0cedad691a0974f1bbe

SHA512
5da9840d5a7c17f156e186814a9a7ad78b43211329de8cbe24f093752265b4ef6d932a9088fd1866a38bd327fa5c55c964d4d3a9adead81f60625b3da0bbd028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit