Resubmissions

- 10/08/2023, 22:41  230810-2mj4sshd67  1
- 07/08/2023, 20:48  230807-zlwebshd39  1
- 06/08/2023, 01:58  230806-cd7q3agh6w  1
- 05/08/2023, 22:43  230805-2ndcmsfa69  1
- 04/08/2023, 23:11  230804-2593yaga7y  1
- 04/08/2023, 15:03  230804-se8bzsch5z  1
- 03/08/2023, 22:07  230803-11w5vagc74  1
- 03/08/2023, 11:46  230803-nxsl2aec4y  1
- 03/08/2023, 00:07  230803-aef9dsad88  1
- 02/08/2023, 19:21  230802-x2q4faaf5s  1

Analysis
- max time kernel: 6s
- max time network: 54s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 10/08/2023, 22:41
Static task: static1

URLScan task: urlscan1

Behavioral task: behavioral1
- Sample: https://shop.awesomatix.com/auth
- Resource: win10-20230703-en

Behavioral task: behavioral2
- Sample: https://shop.awesomatix.com/auth
- Resource: win7-20230712-en

Behavioral task: behavioral3
- Sample: https://shop.awesomatix.com/auth
- Resource: win10v2004-20230703-en
General
- Target: https://shop.awesomatix.com/auth
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)

  pid   Process
  2624  chrome.exe
  2624  chrome.exe
Suspicious use of AdjustPrivilegeToken (10 IoCs)

  description                 pid   Process
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
  Token: SeShutdownPrivilege  2624  chrome.exe
Suspicious use of FindShellTrayWindow (34 IoCs)
Suspicious use of SendNotifyMessage (32 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
  PID: 2624
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ae9758,0x7fef6ae9768,0x7fef6ae9778
    PID: 2644
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:2
    PID: 2852
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
    PID: 2804
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
    PID: 2940
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1496 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:1
    PID: 2716
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:1
    PID: 2924
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3300 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:2
    PID: 1752
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 --field-trial-handle=1288,i,18303901887728669871,15040707326816761761,131072 /prefetch:8
    PID: 1368
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1148
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (Filesize: 344B)