hxxp://awesome-projectator[.]web[.]app

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://awesome-projectator.web.app

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373005113783481"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 2004	4332	chrome.exe	81
PID 4332 wrote to memory of 2004	4332	chrome.exe	81
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 5036	4332	chrome.exe	83
PID 4332 wrote to memory of 2020	4332	chrome.exe	84
PID 4332 wrote to memory of 2020	4332	chrome.exe	84
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85
PID 4332 wrote to memory of 2508	4332	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://awesome-projectator.web.app
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a8d9758,0x7fff9a8d9768,0x7fff9a8d9778
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3484 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3316 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 --field-trial-handle=1860,i,17311319346400108926,17961626963908143452,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\230e1dc0-c0f9-453e-84a4-dd520c51fb43.tmp

Filesize
6KB

MD5
3f05c0169cf8b5c07315dc9bcbadce08

SHA1
a165f4cc7052f1f3494c9b735bc6d09b87888cc8

SHA256
43e016d27cf7da5b2357dcc099f1afa09efee3222ee3baa77e87e97f0789d424

SHA512
3cc77cf69f65b30d1e71bd09e67e760dc5d769aa8617e6adf975ffed014c848b362b27960ae52daa338e1d24635ab747560e027a5c638fde00dd1384408d27ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
457204e301a24a433b2e40544a52a633

SHA1
8ad5b4de36b6ba7ab0400a5fe5d26568a560efa5

SHA256
6456f4bb51676b7dc62aec0cb44b4c43a3749241ccd3d5574e27a5cadbaecf38

SHA512
26b6463043203b04395eb6fba65a19aa35d313fa4299a2f32602ae86505f149d7d30eb28ee25c300cc871c71ddbe645e9f4e101cf974893828dd707192d16acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8278d43ba75bc79734cb9b927d216711

SHA1
e04f44d38cc83e1f6bc5595a20d630ad575e9e64

SHA256
f111fc360017dfdc5d7300c2e4dd1adecc3cc974705d1b8f9c0bf8683a020e4d

SHA512
af098d5888cf503b33558df713ccb81fe9ed45970891651a4b1d0f52a45c294535395fcc4cda7a300c91c2689ce61d34568edd301722ed271646b81a2a1fe4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
85df1ad4618bf341f61b59d73d41c7a0

SHA1
32b436619fa01397c79311200c65d2d360672500

SHA256
80437e6fd67b5e5dec233b65f2a32a390001d2424fa24435a970499ce1e4b689

SHA512
8e880f6b4797cc058c5356ec5e9dcec0e80d9c1ce8a7a30d7d4cb79fa740ca04631f9b5befc2e878ecc9127ccc580e43197a041beda6d7191514c456855a7d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e95610cf89ebdcb2873892b649f92898

SHA1
f420505d328ea43b53f5bf7763c680632c171175

SHA256
39fedf760e192599626919766387a59ac489bb49b798f1ba357b09a646ab82e9

SHA512
ac38f850ab5772348dc2f8e7afa9cb0702d5fb5e18c9c12a2b804fee66852186c734b0be725c97f10adcba7e7126e707eb3ad1bed547052bf4f3cdacdca90d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
03ffbb04051de6ca70520b1c68d20904

SHA1
6bb44bdc59a8b806e8c1de27ec7f21b75e1c1731

SHA256
99d99a07c015a62b93fd0fb23d2c110c39091ba0dd4bbf6f6b50fb87f40fc3dc

SHA512
5691d3bb70c12872b71ab1160387a1b65c71152b308cfbbd3a6437832b3a1233dccb1910c5a64deeebcffa5104853e725b78016d713b51c54476cd9db40f7d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit