hxxps://shop[.]awesomatix[.]com/auth

max time kernel
6s
max time network
54s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
10/08/2023, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shop.awesomatix.com/auth

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2644	2624	chrome.exe	28
PID 2624 wrote to memory of 2644	2624	chrome.exe	28
PID 2624 wrote to memory of 2644	2624	chrome.exe	28
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2852	2624	chrome.exe	30
PID 2624 wrote to memory of 2804	2624	chrome.exe	31
PID 2624 wrote to memory of 2804	2624	chrome.exe	31
PID 2624 wrote to memory of 2804	2624	chrome.exe	31
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32
PID 2624 wrote to memory of 2940	2624	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ae9758,0x7fef6ae9768,0x7fef6ae9778
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1496 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3300 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
  2⤵
  PID:1368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
682b26e63a147fa7e885975e0ec5b674

SHA1
73eb5911621fbb839cde3585f160583426e8f3f2

SHA256
ce23ea2b3612fb5ceca7049802e681c5d220e3672a6b729f76e28c0b3e2506b1

SHA512
f4f86c851d0cfe67883d9acdcbb56afc6c3b3b5ff6474a5b2a55d05174b02cfaed7bee5908fdc6cd56eb5c70386fa5fa2f9e7affc4df21e8fa07dc9a07836b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf771e98.TMP

Filesize
5KB

MD5
fd7c231482a9672f93dce5f0d9e1f936

SHA1
f2bb707e92a95d83b58c5b37894cac7b7d15f8bc

SHA256
752880f792924e4b351b916805eb876eb0c2800bf90672d09d612c014726fc18

SHA512
5538eec76fa47e46c0196b8e2b5754f4f3a999acc7957e0f153a70de24731813eb855a295cd35e0a1fb852fa1bf92ad2b9d882acf65a864dc193fa9082a1e43e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab85D5.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9217.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit