Analysis

max time kernel: 150s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/08/2023, 13:42

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://culinarysparkle.com/?gclid=CjwKCAjwivemBhBhEiwAJxNWN494y1BeT3pzMWA_j89z4tAFlsMeKpRnVRJDp0ZcuwqB90Jo7PWepBoCLlAQAvD_BwE
Resource: win10v2004-20230703-en

General

Target: https://culinarysparkle.com/?gclid=CjwKCAjwivemBhBhEiwAJxNWN494y1BeT3pzMWA_j89z4tAFlsMeKpRnVRJDp0ZcuwqB90Jo7PWepBoCLlAQAvD_BwE
Malware Config

Signatures
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368404873022263" | chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)

pid | Process
2908 | chrome.exe (4 entries)
4388 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)

pid | Process
2908 | chrome.exe (3 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)

description | pid | Process
Token: SeShutdownPrivilege | 2908 | chrome.exe
Token: SeCreatePagefilePrivilege | 2908 | chrome.exe
(The 64 entries alternate between these two rows; every entry is from PID 2908.)
Suspicious use of FindShellTrayWindow (26 IoCs)

pid | Process
2908 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
2908 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 2908 wrote to memory of 4640 | 2908 | chrome.exe | 81
PID 2908 wrote to memory of 1264 | 2908 | chrome.exe | 83
PID 2908 wrote to memory of 2280 | 2908 | chrome.exe | 85
PID 2908 wrote to memory of 1332 | 2908 | chrome.exe | 84
(The 64 entries repeat these four rows; each target PID is a chrome.exe child of PID 2908 listed under Processes.)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2908)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://culinarysparkle.com/?gclid=CjwKCAjwivemBhBhEiwAJxNWN494y1BeT3pzMWA_j89z4tAFlsMeKpRnVRJDp0ZcuwqB90Jo7PWepBoCLlAQAvD_BwE
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 2908:
  - chrome.exe (PID 4640): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40c59758,0x7ffe40c59768,0x7ffe40c59778
  - chrome.exe (PID 1264): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:2
  - chrome.exe (PID 1332): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1812 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 2280): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 424): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:1
  - chrome.exe (PID 4164): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:1
  - chrome.exe (PID 1044): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4880 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:1
  - chrome.exe (PID 2892): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 4468): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 3092): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 4232): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:8
  - chrome.exe (PID 4388): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4612 --field-trial-handle=1952,i,17814952458388045227,6150016636280637218,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4872)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 312B
MD5: 8e4d6df8a860cab58c5fec759920f7db
SHA1: 774f71b4faf06e221e121c026c14c7a1a854f2b5
SHA256: c0c28fb9c6b433284b8b7f6baad0ca64d699436a31261a9f82642d66989534da
SHA512: f8b9340936c3b0d177dfbb937834ec44104e0cccc9cc4179a4666be25bf06ddce7d62f283de94c4564acdc297e28861f9704be27a84502765c86070ca50dfc99

Filesize: 2KB
MD5: 913a340e091be74769f0aaec45c9fccc
SHA1: 159679ef5f51f4f2e7dc72cfe9926619fb81eba6
SHA256: e31321b8f39bd7bd3618af03bfce803386cd653b4751fa77423cd4be7d379cf3
SHA512: f9e9e45073185922e6a9bc206035082d3b1a74df305c75453cc8ec8db45c17dcad0e11538de82be12fad56a17fa5a825e0421c3deab5d78a69f07c959acbf721

Filesize: 1KB
MD5: 3f78f295535b8c4ed7c78602fe3cde4d
SHA1: 1face09bb19ca653111f77895983432a99706028
SHA256: 199874dadf14d5fdbbf946a3f15d05e0280bcc83c0374ee2d489565486186861
SHA512: 04e8cccb694a36084b24877776e628fea53a35a7b42d03355ce45f7d288da450c78f9d1856e0b01f58e871a6045e8ee7f9e5cbfa98176817397a473643b68339

Filesize: 1KB
MD5: 66d6551f76c1ffbced5917184d430777
SHA1: 99a2222279b483e763a9debb1c20c25de72e40f4
SHA256: 94751d6c4a6d7c339f6c50bd079faa04bfe3e7afdeedc4171a65e1c3b55fcc38
SHA512: 4a8ca8e61d39dc1acde012019d0014344b0d98c26eb42e11f2e68f378e69d356a7a00d1b2b96d8b6b0e7b3167a8fed1eae99c12800b1e26e3fa9615c25b851f8

Filesize: 6KB
MD5: 51f3e4bac4aa012b5a7bf7322e6ccefd
SHA1: 977bfc0a6495ad06ae0e1bdeb8df8475aacdc3a5
SHA256: 575c1d889ad0681bddcfa40f46a89bdee0ae249708bcd2a621bcadc30b626d4d
SHA512: a8d0d2fbe7f3cfda1766d9135903b7908bff6facf7c8e86bf448eb93b8598dc172158d229f4856054ae23f362130bbd1d42325609348fe64f30c2763fbc99cc6

Filesize: 6KB
MD5: 05c5608602e31fbe942ffdf15e1b29cb
SHA1: 06ca8daa7b44b9f0a1a59dbe94e1035d11e6db0b
SHA256: 61f5bbe923bf1a5952104c31975bc20dae63bc414b4da6d92e7a4328cbca8be9
SHA512: 92294d12a62146a123371331fa05cfdc8c6c7b264d177d5a87a363f160fffe09958515e66c7e25e5cb43daf1dc82d25fbd44b2ff1321828929f0fbfbbe021168

Filesize: 89KB
MD5: 200c397d3bfe74acdd281b76a2b306ab
SHA1: 6552c0b63fc1f82249002c26788f7cb946ff4e2c
SHA256: fc95d74ed89e481c59d1f7fd160c5215938c2d6b6550830071cc0fd7ef153e3e
SHA512: d30e8f13ed2ef34e3bf1e8823557505be27e5062a7451f32f6739bc3249382651d93340be470e93e7bcaf6db48d6e1845601586cf269b2836ee6d5678ca2d788

Filesize: 89KB
MD5: 9efb6e08bea7e4f4c5d2fa5c0556c146
SHA1: 5480ac8c1537496d0984e0a586ca7cb0a31fa979
SHA256: e61e9793ac30480c9c1abcdedb5f60b68cdfaca6140fbd70bb8b23625a9a8000
SHA512: 4f6e4c3e7a36bf7acebffa0c80907bcfc407a7979a1f5d8a1d95fd42ca9e06766d8b1381a0e6d4c20b8f00178c646e5a6d90e982ff884380c6cd82b9409a9a69

Filesize: 2B (these are the hashes of the two-byte string "{}", an empty JSON object)
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd