hxxps://baq8etp[.]myraidbox[.]de/, hxxps://trygfondensfamiliehus[.]dk/, hxxps://wordpress[.]org/plugins/instagram-feed/#description, hxxps://smashballoon[.]com/, hxxps://smashballoon[.]com/instagram-feed/, hxxps://smashballoon[.]com/youtube-feed/, hxxps://smashballoon[.]com/reviews-feed/, hxxps://smashballoon[.]com/custom-facebook-feed/, hxxps://smashballoon[.]com/custom-twitter-feeds/, hxxps://secure[.]helpscout[.]net/satisfaction/642256399/record/6987958998/1/

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 13:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://baq8etp.myraidbox.de/, https://trygfondensfamiliehus.dk/, https://wordpress.org/plugins/instagram-feed/#description, https://smashballoon.com/, https://smashballoon.com/instagram-feed/, https://smashballoon.com/youtube-feed/, https://smashballoon.com/reviews-feed/, https://smashballoon.com/custom-facebook-feed/, https://smashballoon.com/custom-twitter-feeds/, https://secure.helpscout.net/satisfaction/642256399/record/6987958998/1/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370980427524117"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
872	chrome.exe
872	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
872	chrome.exe
872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe
Token: SeShutdownPrivilege	872	chrome.exe
Token: SeCreatePagefilePrivilege	872	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe
872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2668	872	chrome.exe	63
PID 872 wrote to memory of 2668	872	chrome.exe	63
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 2736	872	chrome.exe	84
PID 872 wrote to memory of 4796	872	chrome.exe	85
PID 872 wrote to memory of 4796	872	chrome.exe	85
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86
PID 872 wrote to memory of 940	872	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://baq8etp.myraidbox.de/, https://trygfondensfamiliehus.dk/, https://wordpress.org/plugins/instagram-feed/#description, https://smashballoon.com/, https://smashballoon.com/instagram-feed/, https://smashballoon.com/youtube-feed/, https://smashballoon.com/reviews-feed/, https://smashballoon.com/custom-facebook-feed/, https://smashballoon.com/custom-twitter-feeds/, https://secure.helpscout.net/satisfaction/642256399/record/6987958998/1/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1b799758,0x7ffb1b799768,0x7ffb1b799778
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1900,i,10597420737587843313,4495087699480366256,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2eec5ba96048b540da7794af595ac4d0

SHA1
e675cceae0b5c8464c9f80b080bd9723c5c413b0

SHA256
5d8d8c6e92a7b37f134eb27e9f78133c907f8d443a52bf07f4b6d401484c348f

SHA512
65dd9efd11330ccf819483d1a3dd97be546c4150d5805446fda47e3ddade7966678e8af5365db1b5de2707687c99c59071ed6fbe4803e5bd7f527728bd4ad409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ee45734417ed0ed88d937af4cfe6389c

SHA1
a4404d2a8c646ce9eb92b729f5c594bd65a63ca7

SHA256
d9561f6d8313b4e0794cf2a3381d0b94e23415d3a5875fdd23f4f40455c51c3d

SHA512
495fca44235282f55b3e00f6ef2c1b92a2c56fc585c2421906545494108773d195f9f658ffdc504c712531578caf2e7a24e0af369f49c6a9736d98ac9a052242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
ae7fb47f6e056e303b341ed892cc430f

SHA1
b4f7ca14dc7cf9a4bc39677f69bf50295ddc9a30

SHA256
a5b55edff0c6fdde8ca38a8d32153a1c6f165319f9f920e6fb84ba5b6cf624f1

SHA512
8677495d96157373a170e06713c0b867b70ebe6c909ce029861c4845f91c58e9ef5bad3416a98063f0973f9dd65fe4693cd7e24e6374bacd88ccab785d0c9267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4bbeb9990ea96d009c5dc429fbf5ee6

SHA1
791b4c72879102c5bc5b867bbb8b88dd6ceb3ab1

SHA256
38ad03d08d67099367ac2f06d0ffee3c6a655275c0fd2e2be4e2a70578646c3c

SHA512
b41903a52e3cb5e4ed0fae8d541d17f6c90b6e5ae8772efa96bb89bcf0ad86d0b5db13df80d3e9576d09f0a33330874f177cfe93ce839e05e146362d202771ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
964408b2779ea182f61ce25439ec3f43

SHA1
ced8b6e6f500aa1d0134f75f74f34a0ffd8e6afe

SHA256
da09ce8d6245283fc6dab5a6232917419a34b8263d62bf506d1668b95dd7bbd4

SHA512
04b5100cdf0d09976c4b0f50fee8939d14ddcb34da1c64d024f5ef07f5586ec152b1803d09850053469d49ced310cf83dfa6a8c2124c240703e2abd7695f0280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb2402810912d2da352dc6dc1624b425

SHA1
597ae38e71ebf4446ffef5210fb52cc52040bcc0

SHA256
c4011e1124f1f4b98d344b9fb69e89e87ce874fec687ad19ae3e39534566cc29

SHA512
e3b58fbde47584b3e8d2c2dd3e65f57b3a8dc80a2a008b3e7e23f72d86528a1c3a1e49d9e7863bf3ca296320f221b387d30432c6c4df43b74a79aec9b0c6f9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f978c4a7f2d070f6ba615241fdc92204

SHA1
8b51c1edf96f565b33b6b404a81acc885b47c66d

SHA256
457e5841a470f36debf897d77ff95db8b7d2a0a5909f2ea0901b66d3df8bcc71

SHA512
d14e14493acc4591490c9eb17f6b6fce26d20decca428f516ee92816338c09e7902d8c8c52ad5f5f6abf7899f6a0f2047bf43a9e31ae8dd21c5f7f0b604acdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit