hxxps://fra2[.]hostclusters[.]com/~jadidoda/WPM

Analysis

max time kernel
163s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fra2.hostclusters.com/~jadidoda/WPM

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372455404453839"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2576	chrome.exe
2576	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 1688	2576	chrome.exe	83
PID 2576 wrote to memory of 1688	2576	chrome.exe	83
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3004	2576	chrome.exe	85
PID 2576 wrote to memory of 3512	2576	chrome.exe	87
PID 2576 wrote to memory of 3512	2576	chrome.exe	87
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86
PID 2576 wrote to memory of 4284	2576	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fra2.hostclusters.com/~jadidoda/WPM
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa83239758,0x7ffa83239768,0x7ffa83239778
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1892,i,10627807154745791724,11155518893477883120,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ca55f084fbbd9c254c9c1e652f306919

SHA1
864f0a721124bb7283a9e0c2472c143f621d21e3

SHA256
d76b4680fa2cec718f91afe7f5e36ccefbbdedbe3b337482f2d944bc51e1967f

SHA512
e37776878ce3d88065d30e58e0922404a745337cf8b357f8c0ea8cd01c18dba9a55cdaf9eb9c549ccdea59427ef4d27fab36479417d3508d7ec6a0575325c1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c63a78294e68545495ebd2a8c2c25862

SHA1
7eb15c02e9f498df7aaf397e8ea4d30bacb6e40e

SHA256
d5745096674d562d41756ff46eb8956fd423a5aa852b793a5328e06c4b59a594

SHA512
c19b7b7395968aafa898f5aaa5b69dbd1b4a6abe13064e60a5e3ab13d12767a5580d94bcdc7227383b7696fec86dd347aef2fde8993079d862897e7233e05ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e798512c2bf1a5430663d23970f41fba

SHA1
0559d363ebbface99f0c82071b50b0f179f3d9f6

SHA256
77f45da9a0be2eda872d5f6df861ad26aa2948e975edf85f1c9d4477d1d6c165

SHA512
4c471aac279b4adda1d548048f7cc474ea99de065db830007e8e33d46a2c669a551d6b9f416c51a6db114bb0f1e65a44211b0ab53fdba51f92bcca8257922b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ab55deaf5a835067131b8290cd1ef86

SHA1
87311ab72780088e82aff6316df33d736bfa80b3

SHA256
963adf97b696babf77ef7c6339b7a2b098bf5753a71644ba5414a1446f3d4cb4

SHA512
796138341ad590fe3058063299d2da60e4643425ca38ba5ac5b4eb70d037f80260b87716edde3a639c6cb472f370470e976331c1d4099ec5cc934b867f5f770a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
018703486baceb161d960d229eb9801e

SHA1
b6da21b5176992c018ee19194b45817cca4d746e

SHA256
1d1b5f5689e00920d71c39164899ff8d5be5bfa6a263b6305a7db28c0a2534ae

SHA512
e6903a87e32354774ff94f8ca5c89d13d13e048c30949b9fef274965db5eda610344e3197a61cb0a177bb27201650357872b5b8e563844b2f7d01d9e49f95b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit