Resubmissions

Submitted           Task ID             Count
10/08/2023, 22:41   230810-2mj4sshd67   1
07/08/2023, 20:48   230807-zlwebshd39   1
06/08/2023, 01:58   230806-cd7q3agh6w   1
05/08/2023, 22:43   230805-2ndcmsfa69   1
04/08/2023, 23:11   230804-2593yaga7y   1
04/08/2023, 15:03   230804-se8bzsch5z   1
03/08/2023, 22:07   230803-11w5vagc74   1
03/08/2023, 11:46   230803-nxsl2aec4y   1
03/08/2023, 00:07   230803-aef9dsad88   1
02/08/2023, 19:21   230802-x2q4faaf5s   1

Analysis
max time kernel: 59s
max time network: 67s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 10/08/2023, 22:41
Tasks

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://shop.awesomatix.com/auth
  Resource: win10-20230703-en
Behavioral task: behavioral2
  Sample: https://shop.awesomatix.com/auth
  Resource: win7-20230712-en
Behavioral task: behavioral3
  Sample: https://shop.awesomatix.com/auth
  Resource: win10v2004-20230703-en
General

Target: https://shop.awesomatix.com/auth
Malware Config: (none)

Signatures
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                       Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133361809335899707"  chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
4328  chrome.exe
4328  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid   Process
4328  chrome.exe
4328  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

- Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4328)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa8df89758,0x7ffa8df89768,0x7ffa8df89778
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:8
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3904)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:2
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:8
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:1
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:1
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3940)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:8
  - Image: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4156)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1864,i,11518061364417553381,870007433038925686,131072 /prefetch:8
- Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4588)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Downloads