hxxps://heyzine[.]com/flip-book/7a56287bcc[.]html

Analysis

max time kernel
300s
max time network
281s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 04:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://heyzine.com/flip-book/7a56287bcc.html

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372393190625147"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2000	chrome.exe
2000	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1040	2000	chrome.exe	62
PID 2000 wrote to memory of 1040	2000	chrome.exe	62
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4872	2000	chrome.exe	83
PID 2000 wrote to memory of 4152	2000	chrome.exe	84
PID 2000 wrote to memory of 4152	2000	chrome.exe	84
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85
PID 2000 wrote to memory of 3424	2000	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://heyzine.com/flip-book/7a56287bcc.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff834c79758,0x7ff834c79768,0x7ff834c79778
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5408 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1844,i,7154354898125178935,5992697784611252181,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
14395c2f73a70d2b7cb8090222f63ad8

SHA1
96b1db30ddd50bfb89b0aa3c3158316e7f6abf5f

SHA256
814af88cf2d13b073915afdfadb66df773ca0a1eee3ebf0171650e0de1c55d55

SHA512
cec009cf0f9872958634f3c7ac108a375ebaf7c15a25dc07c300711ae7bbb7d40ddf24b75597c33cdbb7bc72fe7763d09f50587c9e8651eca7d2b627f079b7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb9f1ed92aa5b1cc45da576e88c45cb0

SHA1
373faae3f8d739859972db8892734fe9698fdc2b

SHA256
a778ce8d4273831797cc71cb6e7f9195e65964f62f1c76fd496c0209b538da62

SHA512
a72ebeac461c6866d3c25230e9a8de01d5527174a1c3482cb09720db6f6aff11fc22636d12f68a3c6bf9476926a1a45c37aed9ceca95a7c157a29f3f321d2229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
66509cc012c6ffeec70ed914825d846f

SHA1
d9f97a12a96618c16a1dfe1e2dc5c449f789f935

SHA256
f0318e7bf1acf3ce3fd81aebb42821965af5fa176d2485eae513383637b05441

SHA512
097d3f69fb34c8ea7f5999e7f13de45ec7c458a6d8a3235461c8d19dfa345dd95dd5a0cb6f532a93871127034ee2a4147083bd4df5fdc5bf1cbb774ef38ce451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5277ec938dda706a49a171365985481d

SHA1
8159475ed5d6a5c0c2d74c5622f462e61ae1fe0f

SHA256
4320b2d052e101702ee93160fd0607fef0868911112ae71376d1fcbb9299ec1f

SHA512
f59651f03585e98e01e96137e28fbbad0240761d0a69d45589f5448b9d6b950d4ac48ecf400305cad1bfc2c87a241cf72539a46bf66d24cdaa39ab4736e88864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
7930c9c7b90becdb74a761fdc45c82df

SHA1
4b87750e73916bfdab736abf5b50d55f77195674

SHA256
49598f17f7da10d9b7ce6c136718f48451aec08fd9cf928b9352627c7f52e526

SHA512
3a6eb00b6e76c3e3418e94ddc67943cb50c5aa51d0934a2adaccb4f203a94387ab2c14d15fe7791c31705b6a4ffa0364c82bcc097cfb410ca47dba3c43885333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit