Analysis

max time kernel: 119s
max time network: 116s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/08/2023, 09:45

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://static.xpertsuite.nl/MvcSkins/skin/aon/img/logo.png
Resource: win10v2004-20230703-en

General

Target: https://static.xpertsuite.nl/MvcSkins/skin/aon/img/logo.png
Malware Config

Signatures

Every signature below is raised by the Chrome browser process the sandbox launched to open the target URL (PID 3688, chrome.exe) and concerns only its own helper processes; see Processes.
Modifies data under HKEY_USERS (2 IoCs)
Process: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367391201869549"

S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE, so the write lands in that service account's hive rather than in the interactive user's. The integer is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC); decoded, it falls at 09:45:20 UTC on 17/08/2023, i.e. the moment of this run.
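A worked check of the IoC above, added here as an example and not part of the sandbox report: it parses the "Set value (int)" line as printed, resolves the service SID, and converts the FILETIME tick count to a UTC timestamp so the value can be compared with the submission time. The IoC line is copied from this page; the parser, the SID table and the function names are this example's own assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_MICROSECOND = 10

# The "Set value (int)" IoC exactly as it appears in the signature above.
TRACE_TIME_LAST_IOC = (
    r'\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry'
    r'\TraceTimeLast = "133367391201869549"'
)

# Sandbox format: <registry path> = "<decimal integer>".
_INT_VALUE_RE = re.compile(r'^(?P<path>\\REGISTRY\\[^=]+?)\s*=\s*"(?P<value>\d+)"$')

# Well-known service SIDs that show up as hive names under HKEY_USERS.
_WELL_KNOWN_SIDS = {
    "S-1-5-18": r"NT AUTHORITY\SYSTEM",
    "S-1-5-19": r"NT AUTHORITY\LOCAL SERVICE",
    "S-1-5-20": r"NT AUTHORITY\NETWORK SERVICE",
}


def parse_int_value_ioc(line: str) -> tuple[str, int]:
    """Split a 'Set value (int)' IoC into (registry path, integer value)."""
    m = _INT_VALUE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a 'Set value (int)' IoC: {line!r}")
    return m.group("path"), int(m.group("value"))


def sid_owner(path: str) -> Optional[str]:
    """Return the account behind the SID-named hive in a HKEY_USERS path, if well known."""
    m = re.search(r"\\REGISTRY\\USER\\(S-1-5-\d+)", path)
    return _WELL_KNOWN_SIDS.get(m.group(1)) if m else None


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert an unsigned 64-bit FILETIME to an aware UTC datetime (microsecond precision)."""
    if not 0 <= ticks < 2**64:
        raise ValueError("FILETIME is an unsigned 64-bit value")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // TICKS_PER_MICROSECOND)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; integer floor-division avoids float rounding."""
    if dt.tzinfo is None:
        raise ValueError("use an aware datetime; FILETIME is always UTC")
    micros = (dt - FILETIME_EPOCH) // timedelta(microseconds=1)
    return micros * TICKS_PER_MICROSECOND


def decode_trace_time_last(line: str = TRACE_TIME_LAST_IOC) -> dict:
    """Decode the IoC into the fields an analyst wants to eyeball."""
    path, value = parse_int_value_ioc(line)
    return {
        "path": path,
        "owner": sid_owner(path),
        "filetime": value,
        "utc": filetime_to_datetime(value).isoformat(timespec="seconds"),
    }


if __name__ == "__main__":
    for k, v in decode_trace_time_last().items():
        print(f"{k}: {v}")
```

The decoded time agrees with the "submitted 17/08/2023, 09:45" header, which is what you expect of a last-trace timestamp written during the run itself; a FILETIME far in the past or future in a telemetry key would be the thing worth a second look.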
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 3688 chrome.exe (2 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 3688 chrome.exe (2 hits)

This fires when a process is created with the "block non-Microsoft binaries" signature mitigation set on the child; Chrome applies that mitigation to its sandboxed helper processes, so on a browser process it is expected.
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 3688 chrome.exe (32 hits)
- Token: SeCreatePagefilePrivilege, PID 3688 chrome.exe (32 hits)
(the report lists these as 64 alternating entries, all from the same process)
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 3688 chrome.exe (26 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3688 chrome.exe (24 hits)
Suspicious use of WriteProcessMemory (64 IoCs)
Source in every entry: PID 3688 chrome.exe. Target PIDs (procid_target in parentheses):
- 556 (81), 2 entries
- 4680 (83), repeated entries
- 700 (84), 2 entries
- 5008 (87), repeated entries
All four targets are helper processes spawned by PID 3688 itself (crashpad handler, GPU process, network service, storage service; see Processes), not foreign processes.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3688, depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://static.xpertsuite.nl/MvcSkins/skin/aon/img/logo.png
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 556, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2e89758,0x7ffec2e89768,0x7ffec2e89778

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4680, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:2

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 700, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3516, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:1

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3768, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:1

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5008, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3452, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1932, depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1876,i,7994734273515307879,1749354976538409503,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1996, depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
(runs from the version-matched Chrome install directory at depth 1, i.e. it is not a child of the browser process; no signatures were attached to it)
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 902B
MD5: f475cd7e34563f2d8190399ed4422978
SHA1: 110fe621f3b8e8dd56520fb40cefb4288a06272a
SHA256: 718eeb353e6234a63ee592b2b6cc62c23c002ed32bcdbd751b1a0b9a0003a19e
SHA512: 1c46fdbb958c6def0bea5009dc3ff2797a53bb3d95dc86f6d4a90a665a011db61233594cf2538f05807f0dba41c934274a3935edb8275d91575475cb108ae6bc

Filesize: 538B
MD5: d9d35988bf55949effc2c0012eaac3ce
SHA1: a174327ecfcee181fcaac09b8dacdcd9229ad0ab
SHA256: f5148e2d2a6b01a0eea9e8613ee91f0ebf0431a3963bf096dc7627f40a3e4dfc
SHA512: 9e84dd0baea96d52477ad8207dcb1ce4711517fcb3372e9b0907535b885e32e209e2aa967f2b2360d2b80962fa4c2b88fa8c2e77051ac2ec4a6a286f0070670b

Filesize: 6KB
MD5: f86ccff6d7d91036cf0046a703c52acb
SHA1: a1f374ab7ce4569f8912d9cd349c19563c27d8e6
SHA256: 6036ca33d4829ad833875db6f8d36b41a8ebc6b2540918e547fa0cda79c13c8a
SHA512: ce9159db6dc5131569ff9f5ee6783a7bd0d8f26c7c7c23951b9e2da6d802c03ee6093722919155ab8d5c579697bb7f91dcc9742255f863b066879d7797f9a82c

Filesize: 87KB
MD5: 4008d60b761d8b9c0eb5603d7bcf7116
SHA1: dee2409f0d2d84c0f7b47c8893c98310dcefad3a
SHA256: a042c7b5b7dfbe33e3f4c25d04bb150deeb3ca0f2f20fbe189326dd16e102f11
SHA512: e67f11e010d628e22d80b90b0f13a381c62d5b5211a3a791bfffe896c1ffe874fc361f9ef9608c016eeee9ef1b4d69933ed918a044eebebe8a46ccd9235089ef

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
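The hash sets above let you identify tiny artifacts without the file itself: the 2B entry's MD5 and SHA256 are those of the two bytes `{}`, an empty JSON document (which profile file it was is not recorded on this page). The following is an added example, not part of the sandbox report, that confirms this by hashing constructed two-byte candidates and comparing every recorded digest; the candidate list and function names are this example's own.

```python
import hashlib
from typing import Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Copied from the 2B entry in the Downloads section of this report.
RECORDED_2B = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": (
        "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
        "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"
    ),
}

# Constructed candidates for what a two-byte file written by a browser might hold.
CANDIDATES_2B = {
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "CRLF": b"\r\n",
    "two spaces": b"  ",
    "ASCII 0 + LF": b"0\n",
}


def digests(data: bytes) -> dict[str, str]:
    """Hex digests of one blob under every algorithm a sandbox report lists."""
    # usedforsecurity=False: MD5/SHA1 are only used here to match a report, so
    # FIPS-restricted builds of Python still allow them.
    return {
        alg: hashlib.new(alg, data, usedforsecurity=False).hexdigest()
        for alg in ALGORITHMS
    }


def compare_with_report(data: bytes, recorded: dict) -> dict[str, bool]:
    """Per-field match between a candidate blob and the values a report lists.

    Size is checked as well as the digests, and hex is compared case-insensitively
    because reports differ in casing. Algorithms missing from the report are skipped
    rather than assumed to match.
    """
    result = {"size": len(data) == recorded["size"]}
    computed = digests(data)
    for alg in ALGORITHMS:
        if alg in recorded:
            result[alg] = computed[alg] == recorded[alg].lower()
    return result


def identify(recorded: dict, candidates: dict[str, bytes]) -> Optional[str]:
    """Name of the first candidate whose size and every recorded digest all match."""
    for name, blob in candidates.items():
        if all(compare_with_report(blob, recorded).values()):
            return name
    return None


if __name__ == "__main__":
    print(identify(RECORDED_2B, CANDIDATES_2B))
```

Requiring every listed digest to agree (not just MD5) is the point: a report with a single weak hash could be matched by a crafted collision, whereas four independent digests plus the exact size pin the content down.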