hxxps://voice-relay-c7b2[.]lucunego[.]workers[.]dev/

Analysis

max time kernel
150s
max time network
143s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
15-08-2023 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://voice-relay-c7b2.lucunego.workers.dev/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365715087583861"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4956 chrome.exe
4956 chrome.exe
1088 chrome.exe
1088 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4956 chrome.exe
4956 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4956 wrote to memory of 376	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 376	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4624	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4396	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4396	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4172	4956	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://voice-relay-c7b2.lucunego.workers.dev/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd7e439758,0x7ffd7e439768,0x7ffd7e439778
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:8
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:2
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:8
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:1
2⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:1
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:8
2⤵
PID:296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:8
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1784,i,17778901113101813763,12637199857857959391,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\24725e4c-95d9-43c6-a02c-5c1e0b9e2eaf.tmp
Filesize
1KB

MD5
065205171032f348655f066aa72cc467

SHA1
d4a1f10e74ade898cfc21f29b31c9296d4440674

SHA256
0334710526aba8f2cd7a738341d65669e31f92c01bff9da71efd52aaa3f2028b

SHA512
149ef7b2643c74d7b3d6dae250644a8ad06f9eafe2c1a054ac51a05a8ebfe77c33ec8fc4230e0f41cf2483ffec9c519280c2933c2184ddf9f3be3035c30b483b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1f2f8b65840683d6fd5b56cc55fe221b

SHA1
73bcf8bb0174e73e533545b56c93ae6214c6367c

SHA256
471b93427f469fc7cfe3d523927f8687555849795d84170be451e677914add27

SHA512
9390e1c95c00dd57674815083804e21b6735d4ec8cd596da48ab722f94d02b56f58b008b6f8d3624bd834c71d12c7b4f1a1a993bccf12845bbe3e470d32f0f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d195bcc0f2638a8b8becd021f0ed3d7a

SHA1
eefc45cfdb145a2cc3f63f51d9997174a0bed802

SHA256
bf9244cb03411f043f6f697eb46037221a6410bf35a88758666dcbad5d0061df

SHA512
b159b79c44d88059f02672bb0d3bcaa4cfecb9882b9d83eb0026ad84f181a6ded46ec69645bb6309c0f8078722d35c8a0ea4965e445e7eb5aff43436890b9620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3d18da88e92d37d6c92e8dca7d34b377

SHA1
c506b093dc071e11067be3ac598cdbddf7c26c02

SHA256
08de65419152eb96c76f5c60432c4fa05ff7c73022d1874a4a5c8344cc84651f

SHA512
520c0cd7f9dac0797c5430c7c1fc6810a6c107c77668ab23100424da709eabefdd3608217ccbb97911f579880c26549f9577b19cf2ece9ddae759a060f0f3d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6d0b4eda891325536a4e9e3834a4e1be

SHA1
1bfb56432303d08d2c37da37eb94ff6387209884

SHA256
0c14c6020061af12b420f7e1c8c05c0388d260b6aec33efeece75df72fe1a920

SHA512
107d431e4bf425ed5afaa728df35f25a40fa765cfa94510927af41e9797d2b8fca002033b5b192aeaf35c12d035408767cd85d146cf99b643b94dffcdb4fe7da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
12d92ea20c98e3527f60c17804eb3934

SHA1
c6e110266760aad458eac110ef3b5f45532588b9

SHA256
50fbcc5ab02e407165c1b7a6405657ba97c63f78ed3c065df8ac1018e801c334

SHA512
9c96c12cdb3b7965d8d34ee919a438514dd2638559dec1e769f14125bedeae123de4cdaa0c7bc9f59957211dff55e092404c3e4451433ec0fb2f58d79e51e3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
0dea793c25ee594583cd01d15cb99fcb

SHA1
8f8c07ae424c530d16f7508421fefc9c36caeecb

SHA256
5d78d67cc3c8bef7dbda795ba7c73bbec5ef16bf2e74028bcaad6c69692bff46

SHA512
8dfbc0035063bf22623bcbf886fe4cd7fff1b06c42d19f5394799f71fdcf44c601686c0e3385f1d37fce2d0f1517b16e71e65e75071eed110776eb1fe439be1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4956_PPKSVTXXIADLGPZX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit