hxxps://uavpus[.]com

Analysis

max time kernel
31s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://uavpus.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373433871992004"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4052	4104	chrome.exe	82
PID 4104 wrote to memory of 4052	4104	chrome.exe	82
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 4708	4104	chrome.exe	84
PID 4104 wrote to memory of 1888	4104	chrome.exe	86
PID 4104 wrote to memory of 1888	4104	chrome.exe	86
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85
PID 4104 wrote to memory of 1320	4104	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://uavpus.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf6899758,0x7ffbf6899768,0x7ffbf6899778
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3932 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3872 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4896 --field-trial-handle=1872,i,6262717317032929581,5003836269059685016,131072 /prefetch:1
  2⤵
  PID:948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
3db436ed0412abb64729f7ed7fa26310

SHA1
2483f4ac0b271a9b777880c61c882cd1268f73f2

SHA256
8ba72f24498f1cbb635cf647be19c99201c1f02ecba76c05bcdb10038f16d21a

SHA512
b43b36b25d48fa2931eeb01b3668853001cb4af2e6f3e980e692c7a81f7403cb0d7daba4555b968df72e776f7a2385b5256809c24459cc8b26e530021ca50694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb2f78e784b205627f8a4fa652d20c92

SHA1
94938edfb8522bbe4e671d9c85e016a065abb680

SHA256
c1351a8d4e252ee0f0eea3bbc35d1344dcd60f548c44b6d0d086c7af9c1f9434

SHA512
9ad24fbff0bbdd0516bb1c802fdee27cb83e25ddbe53efa02294a97a6d95a4eb17b716e38ed5edd06841fd0db4d0f0509f7019bee2d0cd870c4f48e3df3e3081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21d6c362ee2e740feb4ddaa145d4ed6f

SHA1
c2bafc41ff7215bd862e2199325ef9227bdf6f5d

SHA256
ad7b397cfc38516a7171a90e432270eedcf90b7f38e33dd6ebe171699358254b

SHA512
84916b748de5f59a1823ea754e596b5a4c5496ef79746237de25820d96d19da920bcb816324632c0d0b002aa37ceb017ff319f061dd08297af436cc01e6fc790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c8ca107c1c36fcd94a303fcaa7c7c875

SHA1
7c2414718d8d63662863e1a90b6727a002672640

SHA256
8254a7bd9151d339d7568e5787de9fb302baac2ab0bc4298bb99b280442582b9

SHA512
e8a6a5337bf05f1c30b0756042b6c36cb1ac129510e49e4e946eecf87749e8129124184436100ab152dcfbfceb7b1e99f75876fb64b450c94e379572db6c6ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a55aec7d416278dd0b9bd81897bd1ddd

SHA1
514e1db4f9e4dc26275397ff3abeebe3ea9f5552

SHA256
4f40107073d9f9a18e697bce6e9e67817858a88d43306cc32ad287148e0d432b

SHA512
43986aca764901442e580a23e66fb1842cb555b48a11da2cc05462aa7ba7eaf7825b2edb0f2acff30732093e08f18b07b9223ff63306f9acf54578887ead9fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit