hxxps://pub2[.]pskt[.]io/5XXECxuWHSvZ2dd4X6wf4B

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 07:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pub2.pskt.io/5XXECxuWHSvZ2dd4X6wf4B

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374237790901025"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 4084	1956	chrome.exe	33
PID 1956 wrote to memory of 4084	1956	chrome.exe	33
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 2496	1956	chrome.exe	82
PID 1956 wrote to memory of 4772	1956	chrome.exe	83
PID 1956 wrote to memory of 4772	1956	chrome.exe	83
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84
PID 1956 wrote to memory of 3840	1956	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub2.pskt.io/5XXECxuWHSvZ2dd4X6wf4B
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63da9758,0x7ffb63da9768,0x7ffb63da9778
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:2
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1796,i,3222518112697896811,5705368477302758573,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c1ace4828715d5d768220a794233db5b

SHA1
7d3be6b09991a4570e2c61225b2893620b81d636

SHA256
cad736b84527ea29a28d8aa92c4067eca35d86e30d0ff6a82d0f49f6f75c8a00

SHA512
0ecc2bbe75952b3282edb7fbfb7ad217a5ae73c4cd86727eeb9dcaecff8582e2cc0fbfb09fb96719e80035dbae28d1658c130737aad8f466ec788e7a1f02fd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9d70d99e80abd3bc7e6c47dfb5d7954

SHA1
29f07dceb35f1ca00eb0fa75569d50e3a3131ef7

SHA256
d293fcdab2b24a90047b1b11f522f182df0108bc44cce64a15d04fa6cb1e3536

SHA512
8e366a4f9ffd25fe7e6c84e41c6a2064b09f5cb5358e9a608f2db07e321d1fb5d1e60a754f5aeea78f2ab5f03d0c0b3659a799179534391909691073324f9441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
ae85828a6bdf8844a80995fee4b183dd

SHA1
2d59c2bf19a503ffbdf628c0e7ce7c67943f7956

SHA256
4a30311df90363185557d51635e68fdc65abf502d57624d050233efda10c783b

SHA512
035730bbb1576506c2e7c1c5bac7cb4b2fe6b8b7a7cdbff7d7aef54d2e90bb685f7babbd928ebde453ba469dd3fb2570425f8d9f69deb5d9fc5620062174dfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5ed844bb829ecc4d3fd9138f48eaacd

SHA1
5c6ae53fe52ab55c6a8c11f4beebda2b74b6a9d5

SHA256
ba5030fbdb8878f02976ea1bb52a090d8f69c60fbcb03b37ee8ab7be88409979

SHA512
822b976ac453cc70567757f35779d67d044ccc72c7c18519b2db984c651c011ed6813591ffe7eb465e566319517b7eadbda3efe8889041ad91b3356abcc6b341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
841ecb71b6c9047ded2d17448ff056d6

SHA1
51759fbcb089cee1e8a5baf99f3be10d3cdbc1d3

SHA256
82e1380778c64fecc9d506121ef2b28d8d07cd37f47a2dad1f1f988250470800

SHA512
8ff25ebd16c38cd0aea962bc31e6eb62f054f56b49f5be7b6d7f00a86bf998118b4d03d508315dd92098a906c8af3ae39e7892619049c3e62c655d381656afe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit