Analysis
max time kernel: 300s
max time network: 296s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2023, 13:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://pvwkeplenrokbnkpkgss.com
Resource: win10v2004-20230703-en
General
Target: http://pvwkeplenrokbnkpkgss.com
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374425011848172"  chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   process     entries
  4520  chrome.exe  4
  4028  chrome.exe  2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     entries
  4520  chrome.exe  2
Suspicious use of AdjustPrivilegeToken (64 IoCs; the source alternates the two token entries below)
  description                       pid   process     entries
  Token: SeShutdownPrivilege        4520  chrome.exe  32
  Token: SeCreatePagefilePrivilege  4520  chrome.exe  32
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process     entries
  4520  chrome.exe  26
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  4520  chrome.exe  24
Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, with the number of repeated entries)
  description                        pid   process     procid_target  entries
  PID 4520 wrote to memory of 4680   4520  chrome.exe  80             2
  PID 4520 wrote to memory of 1456   4520  chrome.exe  84             38
  PID 4520 wrote to memory of 4648   4520  chrome.exe  83             2
  PID 4520 wrote to memory of 2656   4520  chrome.exe  85             22
Processes
Process tree (level 1 = top-level process, level 2 = child of the preceding level-1 process):

Level 1: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4520)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pvwkeplenrokbnkpkgss.com
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4680)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfd5b9758,0x7ffbfd5b9768,0x7ffbfd5b9778

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4648)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1456)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:2

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2656)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4808)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:1

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:1

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4676)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4272)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3000)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4028)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=884 --field-trial-handle=1900,i,7921526191828365993,8534318975662211330,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Level 1: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1740)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads