hxxp://uk[.]respondprudent[.]co[.]in/UK/1474cr/?bet=28368923

General

Target

http://uk.respondprudent.co.in/UK/1474cr/?bet=28368923

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372698024108756"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3404 chrome.exe
3404 chrome.exe
4696 chrome.exe
4696 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3404 chrome.exe
3404 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe
Token: SeShutdownPrivilege	3404	chrome.exe
Token: SeCreatePagefilePrivilege	3404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3404 wrote to memory of 2240	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 2240	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 1368	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 4100	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 4100	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe
PID 3404 wrote to memory of 3956	3404	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://uk.respondprudent.co.in/UK/1474cr/?bet=28368923
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf62d9758,0x7ffcf62d9768,0x7ffcf62d9778
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:2
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:8
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:8
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:8
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 --field-trial-handle=1916,i,13191826190094509587,568762121091688863,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
835B

MD5
9156ea67c38c0a728d319e86356c9d91

SHA1
0f5a82b547427821c5bdfb6efca1ec9aae7f2fb0

SHA256
aea543f554cbae52961ce900300ddefbc3dec7306abfb22d88d2f48f50c8ed47

SHA512
38065968e74eea17f449b4086079a58b093196a55822daabf838ddf6a10027c987f8b2eaec82a39fd1e28c272220a428758181e40fdf8bd12b5d7f0aa1bf4d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0d2f45387415576e720c4426c73732bf

SHA1
d9bbd26c2761ed862cec127910b31c8b7fe550b1

SHA256
ac8c3c11ee646e492700118c6eb844769f5f512c570c13aa1985a0b4433a35c8

SHA512
346ef693c6114359f53bab9b20bcd9fd65b2a05741de235699366568b440f8d078fdfe1240012220c521fe3f6b14443ef5e6f0fbe22afafd93d06d9d38aa30e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c810f78d23b5dbf5b3ed17f2b34fb729

SHA1
cf76b0b31d94536f006515e6e0274a61e7e6b72f

SHA256
57af47c772d90c02bf97fb66f90e7820d493fdb48e85bf0eff32f92ca1242da0

SHA512
247d62afa8f3fc08f1d65aafccc8d098f3445303da2909dbbc4b322d92a51ba08906f138c81b5820e2e0c2092df72c2207f4822afff5dce4906ecbd2b3165275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
03fcdcc7d166cbfc7a09be3b753f1aa3

SHA1
345aa9e200576570a14cafaf696545063737026f

SHA256
53978824d3e2a8a5a7a2eb3a93fe08d432ad81c7e251963645e1d69c83d1f3d9

SHA512
77eaa548a5cfe2a21927ac571ff99212e86e4f6fd1737ca7faa828f5b46793c7a19efa600af35ca2dacd92234a5c35709d4f23f834a68b74e130ca981a006962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
87KB

MD5
d1f862d1fd754b23f428a85c5c7c9f4e

SHA1
9d4479c8f50632c4940c2fcb6ce0813ef6d94f97

SHA256
f2e682c369ab41687dedec53ccc97759814a95a30eb054b02e91306653004caa

SHA512
cb3131a3c2dd0e3c73f1c2f00367c547c05984a63c587cbe3fc255aea9dedbe6971672004c68e3dcf96c75da48fe130f66901246a92d0da9be12c983be0fbc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3404_BBFUCVOXARAWMMVV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads