hxxps://protect-eu[.]mimecast[.]com/s/e58wC4RqpulQj7ouObNJY?domain=93p7rc3i[.]r[.]sa-east-1[.]awstrack[.]me

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://protect-eu.mimecast.com/s/e58wC4RqpulQj7ouObNJY?domain=93p7rc3i.r.sa-east-1.awstrack.me

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372418067619901"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 2744	4484	chrome.exe	55
PID 4484 wrote to memory of 2744	4484	chrome.exe	55
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2988	4484	chrome.exe	82
PID 4484 wrote to memory of 2440	4484	chrome.exe	83
PID 4484 wrote to memory of 2440	4484	chrome.exe	83
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84
PID 4484 wrote to memory of 4440	4484	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://protect-eu.mimecast.com/s/e58wC4RqpulQj7ouObNJY?domain=93p7rc3i.r.sa-east-1.awstrack.me
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa0249758,0x7fffa0249768,0x7fffa0249778
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3488 --field-trial-handle=1632,i,10657355093556153525,8326990618345612842,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
69fc806d9a5957a5af44c551f09cbb1b

SHA1
e37b1168560c283182c6a1eaddf86c97760a094e

SHA256
727cdb0273c32d655888970a9ada1ee4a5e4c4ee51895f4d60797d02cbfb602b

SHA512
a6b2a632ddfd7175836f5af9392d37cac03931b996d023a6296e5af3d66e69f727112c4ad9f5d9ec603de45a99a8d96278fd378b1d70e87d74165d11b355d126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
c88c68a890a004c7e65ac01292e09ed9

SHA1
571ea09e439e2535e66773eb4635c5e2bb393f71

SHA256
faa65baec2b9e52f67b89afcd49e48e5fe4d7387cd2f13f7627107ae0373df9c

SHA512
bdc5fa5e82cd170e3a50dccb1d08a0e0fda0a656f528cfddfc926bfc9aa0070b25700f0d8c38e21bfd34a0e369ec79b8b7107cbaf8a62386fc3e486ad1ff1d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1398b5d82428b1e2518d27fb1faa6a85

SHA1
01337da28ef1b5ca0eb771b894bc67ce770aa619

SHA256
cf2ca798b92aaeedf54b02e2a9a3d84dd85061c05463562f2365d4f0600a4c58

SHA512
1a342626817fae495dcbfa887453552605abd7fa6544915b57ab754cda54b2d04a2b9a32de760d6b5f1031751659f2d757924328242e7e25ffa408f88dde2008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79b2af880f3177530d4007f0d8c51fe8

SHA1
c1b88df71ec1525ad2a0f8a6613800b8d16d27ea

SHA256
32bf41f20454821c690b5a17a63efdbac344965168ee234e0e93f4964fed66d7

SHA512
312eb2de31892f4368638b7c17875fa74bf63c22283a4b4e5819812f27e542d63fc43198f78d7bb0142148a1d6a198988893c718eab26541864490c1cc6bed25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9521f308771b5213c6296f521f535517

SHA1
bfbbf4ea404e04fdcfe8a01db9e1cc5d6a403103

SHA256
c75488b8ebfef61f6d91022ebc3f38789a7c98ad86b1f66e544bf0e11ad53816

SHA512
383056b868bb08b0d2b2b9a50096c09fbf14f94c3454fe5cd94ead7b6b26583e649de2a7c6a658bcb5df6ba43fff6ce13d9d736b72d8bd1f3df7bc00137960af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
575487a628195a3d8ec41957755df182

SHA1
e9cc1c528275f756c0edbeb8fa3a3144af2fc9f9

SHA256
f74c0946ba9880c9ffcd445a76607b9f29296a916c94b951e8c29c63d96a8dda

SHA512
8499be3bc76eb352fdc94f18e365181d1beb20901f31af4c9728d9479a7ee6b4e38856379015ae5b1d376f578c7534ef66ad9a4e0a5819621aed4b2771b048c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit