hxxps://www[.]takiparkrb[.]site/1gx9h[.]json

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 12:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.takiparkrb.site/1gx9h.json

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370958380982054"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe
Token: SeShutdownPrivilege	4896	chrome.exe
Token: SeCreatePagefilePrivilege	4896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 1280	4896	chrome.exe	80
PID 4896 wrote to memory of 1280	4896	chrome.exe	80
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 4084	4896	chrome.exe	82
PID 4896 wrote to memory of 1640	4896	chrome.exe	83
PID 4896 wrote to memory of 1640	4896	chrome.exe	83
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84
PID 4896 wrote to memory of 4812	4896	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.takiparkrb.site/1gx9h.json
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa14f09758,0x7ffa14f09768,0x7ffa14f09778
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2424 --field-trial-handle=1860,i,10650043280270999185,1621593030382378198,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
707B

MD5
82f6b5abcb8c3d3609446d8072b88407

SHA1
76a18bfaec65eeb85850a7f9ad6869f3189dafc8

SHA256
31ea8af3118a8bd7805f74fadb8b8501487e3599d7d3e09dd1ae1d0d8229d731

SHA512
d539802d16ab31f4beff1b6a784cec03b9503aab02d00924e7ad94f82bab3c4d1a4fcf51ccd8a4d9897f09b549de09943dceb969af77a3f8103504df2f36999b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7e02b6267bfd234919f5670fcbaf553f

SHA1
5a655ef2d6492a3637e29316c14f111447dfcde6

SHA256
6058f6604cebf4840df5e6dc842397cb27726efa367a294c8df60375db2ec2de

SHA512
1b6e23208528c947ef565cf41afa411d214f68dc8a763ef17dd0ef133d1f77ce263fd685b07596d2c97f5da6f54e9b499a5cdb06dc5dd83564c4b82f54bc6867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d596f41c3428a0dcda27411bdbb5e5b0

SHA1
c5908b738594913ada99de5a51fd8fe07a6eca0d

SHA256
d13df15279095598ba001a6faa6c41e76d7c22bef0aa35e22424a000a94ff021

SHA512
36adaffd983ece3fdd500cbc0c42ff7b24f17d2c1c5fc9334ae63b54f781b1a85bf0b99b7a28cd0d96ac1ca12ec1c61a415209f4f926f14b513577459423d6c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ca00216152a2e28caea9bff4129cdb0

SHA1
513e27680840702f55f9748cc4cb33cd3ac50d9f

SHA256
7ba88bc0dac97187db8805893a783ff62c9031132427d902a82187cddfb22502

SHA512
8ed9908c5fc2f9b9a668bda28ede831218943b24f18947564f15166fe27d1b0d5c06987d0f60ed0d2b42dc56a3722a929107b9140dafe9104e280589d8719dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
113fff0687881e57665ddf43e87cb7eb

SHA1
0307b6a1d24264b0134760ec54512bc0509e7a6e

SHA256
b909ba49a9b2f363fee254ea90ab30d9a9183896c01f0f9ef8f47cc72679897a

SHA512
6449bc3659592c75a93a7ac1c0a0af18fb978f18abd996ffd941dfedfe2f1390073c22d845b97a04b33e40ec340a48e91e7951130fd13e4080348e21193cb870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c0e425c534c949ecc10d9099d2caf646

SHA1
8e570d901a73e33b209cc622b258943666f24028

SHA256
9f4f82edaa9d7d71f60d1ca24f302e6e23003d5ace96b935f8364316db4991a5

SHA512
4df30b6cb2ab0542d2584650a956658e6a622a448846e4d719ac78402c4b5c1d59b2f989050cb8c75b6367657c5505511bc5c1ac225bd6c818b6cf6749950b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit