hxxp://pjjnbetwmmhodfwnfovt[.]com

Analysis

max time kernel
300s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pjjnbetwmmhodfwnfovt.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371112932943824"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 4336	4768	chrome.exe	82
PID 4768 wrote to memory of 4336	4768	chrome.exe	82
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 3884	4768	chrome.exe	84
PID 4768 wrote to memory of 1308	4768	chrome.exe	85
PID 4768 wrote to memory of 1308	4768	chrome.exe	85
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86
PID 4768 wrote to memory of 4916	4768	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pjjnbetwmmhodfwnfovt.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fff95789758,0x7fff95789768,0x7fff95789778
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2780 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2788 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 --field-trial-handle=1864,i,4238239440961861063,6316394287715004135,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
a0d9ddfc917da843287d64fa33f815c9

SHA1
7aeec24f33211b124787831a08f91800542d5274

SHA256
5834bd177b9d7a7c01058e75dfc21a2cdcdcd555d66cde02ddca463481cf799d

SHA512
51d40f3b7d50493074ac177fc8c11a0edbb0e1c9bc0f9d12f0bafad2d25e1b895170a99e5095494b74b99721de4df94b8e13f48743e3a1647f4e2ed2ddc58ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da4b2a21b211ac8dfd35c8c054a890fa

SHA1
aba147ce49e4d2372b6eb746c604a356dba32582

SHA256
39ac86b2a746ac494c1f3d91338234fd13264bc7fdcff907a49b362fda6b1e57

SHA512
0f098043a08395c72e1948ce76d48d3daff6530b322c7a99e1935df2254ff8e5f259764fef50ea42f092bb093e64bbed682d63d72dc38172002ab2cf7b5b8b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
31a16f76fbc7c035628cde12ac13694a

SHA1
9906c921e7d1fcb79d12a8ef233171dd7b126cc6

SHA256
83c04d3b110dfd248f7380a82df63ec1ebb62bbca95e4a7bb5e9d2cd53c5565c

SHA512
d0480f49f7268a4136c41eec82c88d2fb1cb23959b6ce618bd74131acb10312a5d5d8ece57855aeb4abc3f778c964e9181722a8d41f265a37d645986682c1a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit