hxxps://tinyurl[.]com/5am5j97j

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 00:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/5am5j97j

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367927191334664"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{9C198DEB-70A4-48DA-89B4-CA41923D59BB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 1900	4936	chrome.exe	83
PID 4936 wrote to memory of 1900	4936	chrome.exe	83
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 400	4936	chrome.exe	85
PID 4936 wrote to memory of 4044	4936	chrome.exe	86
PID 4936 wrote to memory of 4044	4936	chrome.exe	86
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87
PID 4936 wrote to memory of 4188	4936	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tinyurl.com/5am5j97j
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995839758,0x7ff995839768,0x7ff995839778
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:2
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 --field-trial-handle=1888,i,735831306479111259,8863932177167834921,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
c5230b4185d426fa5a4e48d17b8eabca

SHA1
f5137064352fb173302a577997d55bf693a1a963

SHA256
72268136938881555ab3106e2573a2d05326eef448e00bbd04a08e6b0671d2af

SHA512
7de680b45b7880c0363e4d0513fa18023d9a5af92ff56594605b56b48202495de5081620b93209d2a3f506dbfc49b17982f4870ccf100fe90c0b30e0da44e087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f92048174f5b08191577becdc5e204b6

SHA1
9a46892291765641c69191f75a142186943aa79b

SHA256
995d24fb205e47d31fcb1fdec2374cf4dc18e1af7559769d78c644afd6534197

SHA512
e433d7fa2cbc8feb9aadc752bef7d73bc91060818a03332606b85269d6040873e1d4c0ec23fc78a051e992347b80c0a33d180bafc21ed1ac7f3cfd15b3b7adf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85740dc6cf28308c83beefdca7f98997

SHA1
e59afe1da5d0a2ab4607d2fa0eebdaf2818af6a7

SHA256
b402b199b04177466cef8124de3f5226cfaf0a6483d1c7dc65e80c2366d09065

SHA512
190b0c255466788642494c45e7b7a61d13c4d9fb5fb88d93091ef7a0bf05f21d336f7be20f41b266a98131922b26366d020645df754fbf911990493aac5ca54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
26d45518aec1b18d05b7f950ac6b4cbf

SHA1
7c5e55acbdbd3b10bd1af17c06da10939023d051

SHA256
cf7514a73e773d36f13673b9f74171efb8adc5d598a248d68bf484ba2e545841

SHA512
fd1de091fd9e1700891da51d777583bcef864f3bdd489a14b1c43d41ed17688fa83b0ab2a0e3a6f247b20caa86a511e6a4fb62cb6df9edf4cba8d3f81f9d367d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00f28f7e2fabfcbd5d0990b2644fa49e

SHA1
847152a2c4f9f94b25aa8167d1cdbd2b3cf4cef8

SHA256
5c8398d66791c635f654e9b858d381c2094e7d28d662346d97626a0eb654b731

SHA512
7f8edb19bfb482da48dcb5b9c549473f259c8829e3f6db0986b8ce2c264c5359cd6d7f76f9fc7fea647a07f1e0ce31a91d213fc97a07e02bde52729d93466bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f909b4486c44303077404339a6b58ce6

SHA1
8025a86f91357b873acfbc329ee1b2680bb7aa25

SHA256
eb87602d9696e67de60d78ee1b311a4cb8f35eb54db70267169b00900ae77bf6

SHA512
879e0d76ce0ec06aa009a3883cc0fb706bf6e3bb6f63b15c6265d248b498946ffdbc7c11856aa2802787b1e91410cb1ad45f962b309c2fd6bbfd44bf7217a971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit