hxxps://spotifyanchor-web[.]app[.]link/e/rm1Wdw0UhCb

Analysis

max time kernel
16s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
18/08/2023, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://spotifyanchor-web.app.link/e/rm1Wdw0UhCb

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368547872852074"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4352	4160	chrome.exe	45
PID 4160 wrote to memory of 4352	4160	chrome.exe	45
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3800	4160	chrome.exe	85
PID 4160 wrote to memory of 3808	4160	chrome.exe	86
PID 4160 wrote to memory of 3808	4160	chrome.exe	86
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87
PID 4160 wrote to memory of 244	4160	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://spotifyanchor-web.app.link/e/rm1Wdw0UhCb
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff44599758,0x7fff44599768,0x7fff44599778
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3852 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3372 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5300 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5492 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5500 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6044 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6148 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6464 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 --field-trial-handle=1904,i,540727836169984869,6538010548713893067,131072 /prefetch:8
  2⤵
  PID:4896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
180KB

MD5
7f4148385408f18e61c997a6bd4d52f5

SHA1
aaac74a9531ee11228d2845f0096e2acdaf68242

SHA256
c882c824f1c1eca6536012defd98c86e2c44fb3969f9bbbed90e5df6968f551c

SHA512
0447fa8d70e41a684b2fcfbe03672d1551048249aeb506d9d94e2185000dd31e2cebcadccf2c388e67364ef7cf1f87e5fa0aba4685768e7c835c3e24f3717176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
073060746a8ae1159e819927edf0d40e

SHA1
91c1ae449876376009d82b9e8efe9e5a33d1aa95

SHA256
fb7de5aa2b2c791607fa3163f259e6b949109a86b07c22bcf7c9f5d0d27f9e44

SHA512
13fb2d8eb3827c2ac369ba5cc82c3c1f2c4cae06897d64b9590de309d95b4d2bc34658b645a582d17aade8ccd974dad0f464cc074a9c68c8a1983d5bcedb159d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8195e093dbd2b4b879610a4e19b9bb8c

SHA1
ab649f6f3afed7d8d33c85f32e039098ff32f42a

SHA256
e56bae92b7bc9388c14a8ab2d5065ab2392e03372b0cb8e9887c243a7e3cd2f1

SHA512
767bcaf38bc31421e728e8f17c9d32cbb09c25079827f567b18aa2081315b931ff4f505adeb5ae9ec902b325f2463da9ff00fd1cf27d0ba3168017d6317d396c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
bb3b4396992f2336b54cf7f742317c5c

SHA1
d55314da2fef0f84b0d7232f8dcc8b46eca448af

SHA256
cb8ff12488ee39d98c3e7a919ff25db6fa1cefffea4e78733fa606960113548d

SHA512
ff8e680f3984afd55fec65c62ad70aa0cc5dec0df7913a43f6a14dc8c6a6ab5f0acf9f09f90c776302ee1f355a27bc636858c037a4899b5af40703f2843745c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dc3bbd02-67fc-4c26-8a00-e237f7db3bfc.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit