hxxp://feed/, hxxps://smashballoon[.]com/youtube-feed/

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://feed/, https://smashballoon.com/youtube-feed/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370988415527030"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 2032	5104	chrome.exe	81
PID 5104 wrote to memory of 2032	5104	chrome.exe	81
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1164	5104	chrome.exe	84
PID 5104 wrote to memory of 1496	5104	chrome.exe	86
PID 5104 wrote to memory of 1496	5104	chrome.exe	86
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85
PID 5104 wrote to memory of 2404	5104	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://feed/, https://smashballoon.com/youtube-feed/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd4f09758,0x7ffdd4f09768,0x7ffdd4f09778
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5124 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3840 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=212 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 --field-trial-handle=1720,i,15390529938281042959,2268861147904075389,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
56d2a829e32c33c7d8f054fe1e3568c7

SHA1
d71a726432525c60fd93aae6f18bb68c15b095da

SHA256
adb10be9ea65cc53f9fc5df54242b69a66fa4487ca8fe4b986fcf7f93b3cc3c5

SHA512
cafad2ca7f6ad05b97b2b9746b62082a3a8d19f50bbb201be4a93e4bd354f16ddc0ad003e372b40f29dce0a6c747534bddc115dc7de8d5a17eb9a019418d6b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c5a938d8a2b917ca67e7a54d9a7c325

SHA1
ac6c4f5ece7231f4ff27ec8a54d2e60299af6af1

SHA256
647bd512dd7eaf9f9b83fd19a5136455f876354c085e0925550f88a45d36b548

SHA512
37919f85075af582f2e640eec0b117a153f159480eb4bd8a2fbfe40a547c030afc6e3c88c6441202c3bdb6a1976fea5315d9dcdca1f60f4bd80fe6e90df637a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
453af391bf8ca365f12a5f8d90327ce8

SHA1
1910bb6c1124cff99f5b2369d547cd139a80e958

SHA256
5c4e39965e3c28790a40c06d3b06fbb526fec4fa7dc53077335ea57fb5792f2c

SHA512
48f015d9db2d82e076369e7ca5679b4444fea67680efbf588be821f5ca46849b71bdceb090e187f488a4b79810de0febbaf798097d7502ee004a223f7c547b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
73802042142374ebe3a39df142c736d5

SHA1
48a0805198daa6b5dbd7af0ddc11dca62bc35a64

SHA256
d1303a6c4ab4623876e24fed9aa80a23dec77849231b5f978e7cd948aceff826

SHA512
d5091ae94a8de74953da21cb000f59ad787fc59990014ea296a41425a5badf6f943277ae245268ade6cd08551b859909618243b26e60cb8fc56bf3de32bcc7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit