hxxps://samsung-inspira[.]com/feedback/static/images/00_layersetting_r_top[.]gif

Analysis

max time kernel
172s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://samsung-inspira.com/feedback/static/images/00_layersetting_r_top.gif

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368351878308722"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2376	4416	chrome.exe	41
PID 4416 wrote to memory of 2376	4416	chrome.exe	41
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4852	4416	chrome.exe	84
PID 4416 wrote to memory of 4632	4416	chrome.exe	85
PID 4416 wrote to memory of 4632	4416	chrome.exe	85
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86
PID 4416 wrote to memory of 2412	4416	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://samsung-inspira.com/feedback/static/images/00_layersetting_r_top.gif
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff39758,0x7ffdcff39768,0x7ffdcff39778
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 --field-trial-handle=1852,i,1432624616909155038,11294813559969948883,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
2537546be4add1d43893b7edfc29eab9

SHA1
aeaf89ae2aa2e3fa1c572ce14870699561450c19

SHA256
cb39349338b766ec5b1cadceb1e672dffbcc9efaf6ee33f4803759e7936ecb86

SHA512
ad7ee7ea8d9c9326fa2d62e337e0d4bccd2ff2e4bc4e2da3efaf48fbdb63883db343a7fbd701f2892ed5b1c13e5477b4961fba4821108c72e7bc001f7d69c659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
19c1499ffc43fcb9ab96b7e85b5ed343

SHA1
5922ef113204a81ef1e96de16ad75322d3210c78

SHA256
aee666e2690d65b7d910816c047360ce7d213ad5890a72c550d44bf7c643bba2

SHA512
9a067e37fbb52fd35df74980ee618f963b701f0d203431aa8a13a976e82799aa2e588f008284b499c4c19ae9111bb17940c8ab397794819ffb14a60eb5278b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b749db567097a0872166b8fc00e96fcd

SHA1
e87077860b7c8525d9a4cfe3cfee04dd1dcff7be

SHA256
c7944eb9132d58ee78baef0e46adfcb2e52d5ae349d6a8e835690256f9d071d0

SHA512
707db9f414a3f7bcb95568a03d0d66102d92a6c61efac2cf5f8b0fcd97cac39a74b6108c9bd3be027cbea9f8319f96c2b049e0a6c17b63baa5a76cbb26496713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf862187a5fcdc8b63f330751291bf08

SHA1
13a56b5674e153a624285813e5fc9ebd46d05233

SHA256
52ef9a55ad4d0c61884d55d372b78408b1f6ec862d3940b20aa7e753e411337e

SHA512
7969679f78a1b08fc2b44e45b979ff53990ef23a1d3849fe13fed2f4435394fc66ad93520e1154af5a07dca9976fcc09c5e1ae14ae5c51374207986bd3feb5aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d3dddfd4a1e7fe3b0ec7629fb3554ab7

SHA1
538ad55a5b4bed95648771be858b6cd6ec8c5c27

SHA256
ac441d40add6f442679dd51bc3263fe6a1bf30cfa2cffea0b4a3e935e323ff1e

SHA512
87758e4f895edf937395e9ea2bb87e654755979d5c81f67024483ba7f15701aee56c5023019486eb9cb2c3ccf936131f8ca8353c19adbd603e2cda569365c92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit