hxxps://access-my-return[.]info/au

Analysis

max time kernel
720s
max time network
693s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 03:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://access-my-return.info/au

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370617840815754"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 3296	2508	chrome.exe	82
PID 2508 wrote to memory of 3296	2508	chrome.exe	82
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3692	2508	chrome.exe	84
PID 2508 wrote to memory of 3868	2508	chrome.exe	85
PID 2508 wrote to memory of 3868	2508	chrome.exe	85
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86
PID 2508 wrote to memory of 2380	2508	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://access-my-return.info/au
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06b09758,0x7ffb06b09768,0x7ffb06b09778
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4504 --field-trial-handle=1832,i,8028191154462226881,74344338842778250,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
56b6fcb6278a383cb8888d3d6304841b

SHA1
ccda2c4e5ea416bf7a7b5f2b737e189015b61115

SHA256
fa09b8166a71ee74616607ea74a135d65c744ef19d7bc2bb3fe72c57716de242

SHA512
d230862c86306820158c23b0eee128eb5dd6fdd4c755063aaffb1ac5f5b2292923066b5caa9162c96ded614b4a5fda1d3ce35f6c12ba456cede6e28250c9a742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fc54f887c3753908563f0358b641565a

SHA1
fc337a9cd69210036760f1f05924d4a72092d6bc

SHA256
d711f8afbcaad77d90182a26ac30ee7dc761ffe0fff356c031d0dd1287649cfa

SHA512
aee53bd27c600c2a8ea1fa90eb29401b49b3048871271b4a7c870b001c3132c539e9673e2d0e3ab75f97690692822eed6f2e59caead184dfbbb0eb94c2ab2cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d0df27a087dae31cbfc3e5cc9e328b10

SHA1
f757a0d81a69c115e77e8a00e8335a7f9d74c996

SHA256
6b825d3da714acedcbfd7af4e90c3488e33b86daf79cb187c8e5df9fb3628ab1

SHA512
0ccc55eee20816050c39bae45c1fbf5c9b821279cda8a7f25ce5a1342d26a79354e6e62fd9c6c16353db8b5eab12a4dfe69b865718d9293d289cc7a17c7283a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
40077d47d134011f08128b396a989808

SHA1
e675f3614568c223992cd881e0c6b8bfe2c0d52d

SHA256
4dd1c9fe6bb32484dd2bb4f428c2897a54efdf23164ba7e1683f1700852d9ec3

SHA512
671fc7677da54d25ffc07872a1e8f68c55320493ba8c2508b3844242efef2ffd53eb4fdd112c6b4e160cc946371a696e0eca40adbe00e707213e1483ff9c177d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4db8c948698464171d33870c5b1c6fa7

SHA1
405852c542f8cb8b38592928010b09ffa5948105

SHA256
db254440155c9a8477d5b6eb971aaa535f02f13f9b71db731cb26f23112ff6ec

SHA512
5ab98fae028bbc1b70bc10fdc34e516c81bf090f6e0b19cd5d02c6c53a4cf8e8ef6f413d3bf3cbbdd438961ffa93ce4b044dc355a2cbaee990f766f66d3eeefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d03b0df3fe898aacef1fccb23374a1a

SHA1
4a71fda271a80808842b26f32e9b8cefc2aa45ce

SHA256
8fb96eb251b3387eecdf82bbe1314e397540f2afd6d727edd2d76cf047efbee7

SHA512
5fb20f4064ad45992b63c80a6152fc90ca3ef62fe8a95e75847c9a07b63d629251b38a5a616759a080735eac8f2b62bfa1d5d6c1d96d5149ea9d5c4fd9bb5af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a8930d1d-ae3c-4aaf-86b5-0893477ae905.tmp

Filesize
6KB

MD5
b370283ebf7a2f57f96fa184affe7a67

SHA1
665f40f7d8fee7d3f487dff16d5eca7b72909997

SHA256
8cdada7537bff4635c507b2d49fb9dafaa4f793b9e734413ba94a190fa273bd5

SHA512
e6d3a7846b13a7f5ee8a3370c412a070b6a0ecab1c653d6d90106ab962667700d7aca2995b7e94bdc67ce5b1cc9b477b2d300308eee4cd48be7d617f39146300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
4a6dda4c4757949b88b4e0632334b346

SHA1
bb7442de7cd08d13cd94d235b2acb75f170eb98e

SHA256
21ad1862c230cbb56a3a078fd9ec39b38a1f109c0d40d243bb72de9023851dd7

SHA512
b766f3f51da94b70101f2f92387fb8ad2f5d36d7a6681eb7f88ff69cc225af2b2cabfc1fe48d43178fcdf1dc92002063f13866376069bbb2257eefaaf0b1c662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit