hxxps://send[.]cm/z1dg0c7dkj8g

Resubmissions

27/08/2023, 17:50

230827-werk1seb21 1

27/08/2023, 03:17

22/08/2023, 17:50

22/08/2023, 05:56

21/08/2023, 22:35

21/08/2023, 06:10

21/08/2023, 04:56

21/08/2023, 04:02

Analysis

max time kernel
49s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://send.cm/z1dg0c7dkj8g

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371309660619967"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2956	2972	chrome.exe	83
PID 2972 wrote to memory of 2956	2972	chrome.exe	83
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3748	2972	chrome.exe	85
PID 2972 wrote to memory of 3380	2972	chrome.exe	89
PID 2972 wrote to memory of 3380	2972	chrome.exe	89
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86
PID 2972 wrote to memory of 3416	2972	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://send.cm/z1dg0c7dkj8g
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5bbd9758,0x7fff5bbd9768,0x7fff5bbd9778
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1888,i,14654259132650579370,6305984082610606898,131072 /prefetch:8
  2⤵
  PID:3148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
04adcca37aaad4c90658cdf500749fa4

SHA1
55a14b0dd766bef843fdef05d7a2dea68d0586e2

SHA256
50b4487c4e6370be231e7fc74a03650220e536d683819b89f52bf010d5bf0a66

SHA512
c0d84a483280d1971cb68b6eeba81efc9e2ccaa6aec3cf2744351695c3d70dde3df89ea2b1e715efb75559b4a2422bf45445a19b397b2911ff92b8bfd5cad478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
c40bfa15eee2fa01bedd2eb9c73d4b3a

SHA1
de59f67d8b69972b61ecee186f025cb858884802

SHA256
244931703befd52ceb25e3879543c22fc42c34e4ee95aa443284b87ef7bbf72a

SHA512
a35366a8c55511d3bf28151a8ab458b798bc0e2977d492404636debdf5d717b08d07373283e770c4951855780db3e62cadfe7a968f9898adf7e489923f77c5b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba22143ebb3afae472eac8f20e7566f8

SHA1
80340f2e3180c75b1302003a502979568483470c

SHA256
4c73aab4a0fc419308b414e3ee8da496e53985758adb9c2362068cbe0079b354

SHA512
75effbb132c0c3501116d9969497d9426f66cac59d82f75bba131b5ed5ca188db931c9730b82c2925ebf09e42bac7782b415f4deb42313441ed695cda46bc576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3a117cf1f2fb1b940812e075e8612c0d

SHA1
54d0d609bdff4a998f52be90faee6bfd7125723b

SHA256
2cac7ac7f2ac841c5f0abdc62b5fe679e8a7452bb98dc17b31aa9c4c9d878eaf

SHA512
b4b5436a4f6e3a46a283e1b1fe8f2bdc24e1763cc3e2587759afa21794168bf528e18bed4ea031300dd7fc8a0552f1cae71c93f7d16014246a75f3862a44336c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit