Analysis

max time kernel:  300s
max time network: 301s
platform:         windows10-2004_x64
resource:         win10v2004-20230703-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted:        22-08-2023 13:35

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           http://kgjckleacwm.info
Resource:         win10v2004-20230703-en

General

Target: http://kgjckleacwm.info
Malware Config

Signatures

Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                      Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371849261049672"   chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process      count
944    chrome.exe   2
3916   chrome.exe   2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process      count
944    chrome.exe   2

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid   Process      count
Token: SeShutdownPrivilege         944   chrome.exe   32
Token: SeCreatePagefilePrivilege   944   chrome.exe   32
(the two rows alternate throughout the 64 entries)

Suspicious use of FindShellTrayWindow (64 IoCs)
pid    Process      count
944    chrome.exe   64

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process      count
944    chrome.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process      procid_target   count
PID 944 wrote to memory of 2928   944   chrome.exe   55              2
PID 944 wrote to memory of 3972   944   chrome.exe   82              38
PID 944 wrote to memory of 3128   944   chrome.exe   83              2
PID 944 wrote to memory of 4656   944   chrome.exe   86              22
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 944)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://kgjckleacwm.info
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2928)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8aa7a9758,0x7ff8aa7a9768,0x7ff8aa7a9778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3972)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3128)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4188)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4316)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4684)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 784)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3376)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2976 --field-trial-handle=1884,i,14876023518751732459,3238607967013286850,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 2712)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
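Every signature above fires on chrome.exe, and the root process was launched by the sandbox harness itself (the --disable-background-networking / --simulate-outdated-no-au flags are the harness's, not the sample's). The analyst question is therefore whether any of it goes beyond a browser's normal multi-process housekeeping. The helper below is an added example written for this page, not Triage output or Google code; it re-checks three things from the values the report shows: that every image sits under the Chrome install directory, that every WriteProcessMemory hit is the browser process writing into a child it spawned (handle passing and sandbox setup, not injection), and that the TraceTimeLast value written under S-1-5-19 (the LOCAL SERVICE hive) decodes, as a Windows FILETIME, to a moment inside the analysis window rather than being a persistence artefact. It also names the 2-byte download from its SHA-256. The process table and the write pairs are transcribed from this report; the parent links follow the tree depth shown; the candidate list for the tiny artefact is a constructed guess set. The check is a necessary condition only: it says nothing about what the two renderers did with the page, and the other downloads carry no names, so they cannot be identified from the hashes alone.

```python
"""Added analyst helper for this Triage report (not part of the original
page or of Triage's own code). It re-checks, from the values the report
shows, whether the flagged behaviour is anything beyond Chrome's own
multi-process housekeeping, and what the 2-byte download is.
"""
import hashlib
from datetime import datetime, timedelta, timezone

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"

# Process tree as shown in the report: pid -> (parent pid, image, --type).
# Parent links follow the tree depth; 944 and 2712 are top-level.
PROCESSES = {
    944:  (None, CHROME_DIR + r"\chrome.exe", "browser"),
    2928: (944,  CHROME_DIR + r"\chrome.exe", "crashpad-handler"),
    3972: (944,  CHROME_DIR + r"\chrome.exe", "gpu-process"),
    3128: (944,  CHROME_DIR + r"\chrome.exe", "utility"),
    4188: (944,  CHROME_DIR + r"\chrome.exe", "renderer"),
    4316: (944,  CHROME_DIR + r"\chrome.exe", "renderer"),
    4656: (944,  CHROME_DIR + r"\chrome.exe", "utility"),
    4684: (944,  CHROME_DIR + r"\chrome.exe", "utility"),
    784:  (944,  CHROME_DIR + r"\chrome.exe", "utility"),
    3376: (944,  CHROME_DIR + r"\chrome.exe", "utility"),
    3916: (944,  CHROME_DIR + r"\chrome.exe", "gpu-process"),
    2712: (None, CHROME_DIR + r"\106.0.5249.119\elevation_service.exe",
           "elevation_service"),
}

# (writer pid, target pid) pairs from the WriteProcessMemory signature.
WRITE_PROCESS_MEMORY = [(944, 2928), (944, 3972), (944, 3128), (944, 4656)]


def unexpected_images(procs):
    """PIDs whose image is not under the Chrome install directory."""
    prefix = CHROME_DIR.lower() + "\\"
    return [pid for pid, (_, image, _) in procs.items()
            if not image.lower().startswith(prefix)]


def foreign_memory_writes(procs, writes):
    """Cross-process writes whose target is not a direct child of the writer.

    The browser process writes into each child it spawns, so parent->child
    writes are expected; anything else would be real injection.
    """
    return [(src, dst) for src, dst in writes
            if dst not in procs or procs[dst][0] != src]


# --- Registry IoC: TraceTimeLast is a Windows FILETIME ----------------------
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert 100-ns ticks since 1601-01-01 UTC to an aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


TRACE_TIME_LAST = 133371849261049672                             # from the signature
SUBMITTED = datetime(2023, 8, 22, 13, 35, tzinfo=timezone.utc)  # report header


def written_during_run(ticks=TRACE_TIME_LAST, submitted=SUBMITTED,
                       window=timedelta(minutes=10)):
    """True if the timestamp lands inside the analysis window, i.e. the key
    only records when Chrome last touched TPM telemetry."""
    return abs(filetime_to_datetime(ticks) - submitted) <= window


# --- Downloads: name a tiny artefact from its hash --------------------------
TWO_BYTE_SHA256 = "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"


def match_small_artifact(sha256_hex,
                         candidates=(b"{}", b"[]", b"OK", b"\r\n", b"0\n")):
    """Return the candidate content whose SHA-256 matches, else None.
    The candidate list is a constructed guess set for 2-byte responses."""
    for blob in candidates:
        if hashlib.sha256(blob).hexdigest() == sha256_hex:
            return blob
    return None


if __name__ == "__main__":
    print("images outside Chrome dir:", unexpected_images(PROCESSES))
    print("non parent->child writes :",
          foreign_memory_writes(PROCESSES, WRITE_PROCESS_MEMORY))
    print("TraceTimeLast            :",
          filetime_to_datetime(TRACE_TIME_LAST).isoformat())
    print("written during run       :", written_during_run())
    print("2-byte download          :", match_small_artifact(TWO_BYTE_SHA256))
```

Run as a script it reports no images outside the Chrome directory, no writes other than 944 into its own children, a TraceTimeLast of 2023-08-22 13:35:26 UTC (matching the submission time to the minute), and identifies the 2-byte download as the literal `{}`. Re-running it against a different report only needs the PROCESSES table and the write pairs replaced.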
Network
MITRE ATT&CK Matrix
Downloads

Filesize  823B
MD5       7a3d07fb6fc2d47a20ee8b0e85b79bda
SHA1      e8ac38b376c2279c686c666c5bc7c9071b20f49c
SHA256    22d4cc6e9abbc6a470c3f5bd865c6fb141a7d87bf7fe2931ebbb3199fb033236
SHA512    76b9351b0730a1eeec41f04fb450c0ef5480deeb6a486da6b4375135fbc0258882242bd63ae633d0e1f92d05049b9aa61d9c0218bd8a7b2a29c429d9bcf759f4

Filesize  1KB
MD5       e03ab898089aca72ed84fe1ddfa9006e
SHA1      b5276d46e6217769987e13b6dfe84af17dbbfdd7
SHA256    ee1a4b645cae97c730cc413189391715cf0b8ad8064d2fb2e4b3d886d70139fb
SHA512    127252d1d820ef7a57aa53d8b048a970308903c78049d853c8c21e05330ccad6bb1af5d404ea9f8aed1282d8a132bf517cdc9735b36c2d541ab93c22fe5bbaa3

Filesize  6KB
MD5       14648c840c3826a39faee4bb40f0d9c9
SHA1      6b981070b1774dd43aa5812551e7dc12e10d6077
SHA256    c92da1b915f8574750a41dc4cfd8d1fdda011699e59c4bfb0e536900fb82581f
SHA512    7594efd10a14ce8d25341593a23386cdc2541d87db8dfe117c8abc8e5822a11d779653177bb2fb62215ed7c340dcdeef3216eadfa20c31a5204579bb04122c72

Filesize  6KB
MD5       cb86c2dcfb56a04ebdc790a67f11d380
SHA1      e49ff70e363e472234f8a256288ed9f44c7a0434
SHA256    b6275ce887ac6953e5ff28ba3e722e275c443af450e2e9c7a70e8cd948da166d
SHA512    5551f9e87a83971692adc55bb08d0e4ea1c7532f24c3b8d7b11c33fd6579d91581c76b512ad58a1e243b9c6f79d8979a90ac6724a0fb5574981599c3069f1702

Filesize  87KB
MD5       31ee48ffebfff7971bc70d7a10bd2bdd
SHA1      7e43dcd79b9b6d29164682840f3a00c35951183b
SHA256    868f00379ae9e45ae7041b36f7372c364339d54b2635167e9531a98010806da2
SHA512    b86786f2fb26bad13135393ef8491cfd08c04ab5c1509957a97a0f2e963b1c0070ff575d380b2d468a69a7ade97372c90706bcc5baa0d1ca2ddbe1c5609e73ca

Filesize  103KB
MD5       c50c7271f97cb9012f26c4ed681cb334
SHA1      47cdb7483ddcd8e208848c57aa2bba234efbd8a1
SHA256    673cb0b7563847d0641c3a03701483568c3010c73a3823318da6f04ba8c7476a
SHA512    d9db4270631dbb8bdf770848b74dd79bf244e6474647a6bdcc1581c939abe2cdcae70ea6ab71749b4885d2708c59b7cdea14149e314d705df27fabb6cb91be1a

Filesize  97KB
MD5       8e06346a4a023dcb13eb0e2205afb8f1
SHA1      0e80903f1bb52438ec2cdedf71cec741c3811a02
SHA256    3a4315a1edc73c2d78a1c2b6abbdad9b0109ab5207ba60c9778758bb4bd2af73
SHA512    d21e572f1bd9f6bd7ec5bf7e8656c4f0d2c7441c4426f5e8402379c41b8c044376a2ba8e6f938de91f34d2aff7b637bcfa2616c4580c1b029b2c6843afcbe08a

Filesize  2B
MD5       99914b932bd37a50b983c5e7c90ae93b
SHA1      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd