Analysis
-
max time kernel: 600s
max time network: 493s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/08/2023, 16:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://softwarsolutions.com/setup/form/ls.php
Resource: win10v2004-20230703-en
General
-
Target: https://softwarsolutions.com/setup/form/ls.php
Malware Config
Signatures
-
Modifies data under HKEY_USERS 2 IoCs
description: Key created
ioc: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
Process: chrome.exe

description: Set value (int)
ioc: \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365916064335955"
Process: chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
3020  chrome.exe
3020  chrome.exe
3324  chrome.exe
3324  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid   Process
3020  chrome.exe
3020  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3020)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://softwarsolutions.com/setup/form/ls.php
Signatures:
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 604)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff950019758,0x7ff950019768,0x7ff950019778

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2536)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:2

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4876)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 944)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:1

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3532)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:1

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2412)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3132)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3324)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3556 --field-trial-handle=1896,i,11236479038614276894,14566839725813329690,131072 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3764)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads