hxxp://lonelytastygirls[.]com

Analysis

max time kernel
22s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lonelytastygirls.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371256553525408"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 2996	4552	chrome.exe	79
PID 4552 wrote to memory of 2996	4552	chrome.exe	79
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 2692	4552	chrome.exe	85
PID 4552 wrote to memory of 3944	4552	chrome.exe	87
PID 4552 wrote to memory of 3944	4552	chrome.exe	87
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86
PID 4552 wrote to memory of 5104	4552	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lonelytastygirls.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4dc09758,0x7fff4dc09768,0x7fff4dc09778
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2712 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1900,i,11387845609670458354,1127738289998690979,131072 /prefetch:8
  2⤵
  PID:448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9433cf2de4b7a155e24092d641b4070

SHA1
0085c40c6c0b3dbbec5be6abfd96a4111ce4ee85

SHA256
fe7d48bd69b2abbebd02433165df4967eb1c7e6c9881b503c3394550cb8604d8

SHA512
66e207ecf7d747812e6e2a1e58f5c53e6fb7e954a59911ca1393d3bdf77c8feb81cd4b03b0302d1eac3be0be803036bfe0f2258a5e1e414bfce8a37fd01e3b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad0d9dd8bc38bebe9188afc704a12b00

SHA1
759784acdcd2198dbf3cb4ccd9a71432251c3893

SHA256
cf9c038685445c50fc62b27685708597c32fd30137df67b9a25fc5057d88b8cf

SHA512
c3ef5a4ecd2b0c436e2b79dbf8f486dead5a089a0c376dbe78bb54b72d7a5dc039a7e543dab47ad7347fb624126a31d24a4fb66cc86c78bf7301fe300bd241bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5426e99e060e95799a82512ce375a0cd

SHA1
da3fb5147412ca33dc6d6d9ea0785182ce351486

SHA256
ac757d9251129c40de240cd8a226011e57e5436f8faea8ef182068c5d8883f3b

SHA512
0c08cc47332077282147c629d7a87e0f3a42db1f88afa19c022ea59345cba98222cf0f94dc085dcb223a279822369c60cd5b082dcf3977ad25f7f892ab6d1b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit