hxxps://www[.]youtube[.]com/redirect?event=channel_description&redir_token=QUFFLUhqbjlabXh6MTlsR3hfUi1ueFhkalRyNEpuNk9nd3xBQ3Jtc0trZ3pid3BKZ0R4S2Fwc1Z0dHRDUTJ2R3hTY1NQUWVfTzFfVjE4Z2RycGpTbEV4ZFZrelFpbWM0VjE3N2tIQ3F1dTFkUGJ6akNBQ3YzR3VYN05BNnliSHgzRDZlbVM3LUVUZ0ItR05IT1hFT0p2ZzRTNA&q=https%3A%2F%2Fdoppelsbangers[.]com%2Fmy_profile

Analysis

max time kernel
303s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20230703-it
resource tags

arch:x64arch:x86image:win10v2004-20230703-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
20-08-2023 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbjlabXh6MTlsR3hfUi1ueFhkalRyNEpuNk9nd3xBQ3Jtc0trZ3pid3BKZ0R4S2Fwc1Z0dHRDUTJ2R3hTY1NQUWVfTzFfVjE4Z2RycGpTbEV4ZFZrelFpbWM0VjE3N2tIQ3F1dTFkUGJ6akNBQ3YzR3VYN05BNnliSHgzRDZlbVM3LUVUZ0ItR05IT1hFT0p2ZzRTNA&q=https%3A%2F%2Fdoppelsbangers.com%2Fmy_profile

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370104081945392"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1612	3028	chrome.exe	80
PID 3028 wrote to memory of 1612	3028	chrome.exe	80
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 4776	3028	chrome.exe	83
PID 3028 wrote to memory of 2256	3028	chrome.exe	84
PID 3028 wrote to memory of 2256	3028	chrome.exe	84
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85
PID 3028 wrote to memory of 4604	3028	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbjlabXh6MTlsR3hfUi1ueFhkalRyNEpuNk9nd3xBQ3Jtc0trZ3pid3BKZ0R4S2Fwc1Z0dHRDUTJ2R3hTY1NQUWVfTzFfVjE4Z2RycGpTbEV4ZFZrelFpbWM0VjE3N2tIQ3F1dTFkUGJ6akNBQ3YzR3VYN05BNnliSHgzRDZlbVM3LUVUZ0ItR05IT1hFT0p2ZzRTNA&q=https%3A%2F%2Fdoppelsbangers.com%2Fmy_profile
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd22f99758,0x7ffd22f99768,0x7ffd22f99778
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 --field-trial-handle=1864,i,9635810944731284049,12596321849651453594,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b810612c387ccbb0b8cf41d320b44b17

SHA1
44185565c2d44dca4192ada187b77ea7f64becf4

SHA256
18137e4d4e21908adb6036d829e025dec5a4268f2077c3a8fa4d7f7df52a9135

SHA512
a0fd3753f11fb4b37e4a0838f32b0667d8ccb323b088478655d6543c4149c1989fa0b70569a415ed6c57776eee98d38c562cb50678857cbc2455e25aebee111e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eb356b516e918b0d987451826e325106

SHA1
ccc9425f5093140af17ab5ca8ea94de08f46baf1

SHA256
1d4109a17f9ca9c24817e50ae9df41b423309a321c6667e47ae3ab945c00394b

SHA512
10144cbb53a113fe1691b1345d1c6a218360107ef486ebc763190bdf97ca2104aaa9510bd9059eb53c13a726af45557f9f4826d5882a06c5b55914135796e441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
162547f5e593ac3a3888504e1cb0e4c2

SHA1
5edf022f4209dda7fe2fb19ff4dca67524cff7c7

SHA256
1d30f77d7cea0222e7fb2c43e46929e3e6267f003e41182f6b138ea6c4036d1f

SHA512
3bc12eae8a6dbbf5a05b4fb05d36c31e92c9109fa1eb7370ec182c96d08a0f330ec62163e0c07bc6a02b96f6251cc6cb228a152095568a9d7c62d76ce4ab2f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ce4652eb87ee1a2c70f9e8bc7ba7a21

SHA1
0d1ba8bb15fbb3b5bec7e5dec6c8b5e8d7c76801

SHA256
c455d274cd5f86587dc437fd17cdc7b18a8fa5e3ba3152a3f94ec5f9e75da4c5

SHA512
caf28cf2342b6d3cb84e81fadec64c9873c72a927cfc78d32d3a6fd7c63a98f7ccf84fe7900ada865cedc2e05c9ca241d04445a794e1d057aae63d54e43f8832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
db6d68661b47dea86d34522d4d083687

SHA1
96abba4987fe6d7b85bc819d52c99cc16bd6986b

SHA256
86f73a53717b7bc4f86aa5915808bec13b9210587b76ba2a5b932755b0f4f32b

SHA512
9dd84b222a58865b7e622a1854be0e020b9074e9c9c137c6678cd831c031abdfecd6841364444a9a45592db1d8bc9c70708bb300372170761b2d53342025c350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit