hxxp://04030[.]top

Analysis

max time kernel
295s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://04030.top

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374470692166953"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 2244	4900	chrome.exe	84
PID 4900 wrote to memory of 2244	4900	chrome.exe	84
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 820	4900	chrome.exe	86
PID 4900 wrote to memory of 5056	4900	chrome.exe	87
PID 4900 wrote to memory of 5056	4900	chrome.exe	87
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88
PID 4900 wrote to memory of 4004	4900	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://04030.top
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb801b9758,0x7ffb801b9768,0x7ffb801b9778
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:2
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2664 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2672 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5084 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4036 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2816 --field-trial-handle=1908,i,3777167464833376382,2343562039564859366,131072 /prefetch:1
  2⤵
  PID:4580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
753c3276b4b18d245759f8fe918e5d5c

SHA1
01d0fc8b33ca49ead94ed845c6fd6e0d10ac08e7

SHA256
c2d7e30a7a8b84a86b34ee0d2cd05ce689ff3feec3c17c892c677329d3c823de

SHA512
f7c5c284c5231a72b2e447a2a063889047cfef5491d7686b3c1c87db22436d4b1d5581d21c7ec515694a6a386424a69c22f8e196da3adbd34615ca5c13b37968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
191395455b7a5361339746c5ada212b9

SHA1
83cb7542850daa7767416d43d91fc5fb54f89a52

SHA256
b5a3ab23f77d016b9e3965d74e574035f087af0aac341be362fd1a2f0d18b959

SHA512
98fdefba3c8a82f7ecc9d3b6e1f9859cf515c74b270658a6a27f4b00d65e96b1cf3fb473f7a84d31f4582bd7b2ef4cafa5259293ee3b223d5d22793ded0d9856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
9ea9ca8a99200c8fccd88fd4994e096b

SHA1
820495d5bef53ac3c55b60fdf3154ff7ad79ba58

SHA256
8eec8610e73946f0dbbc6d8a8ebc8fe830d4d8929fae46955ea1dac2190e0971

SHA512
d988495c37501f0d340c968ebd4f6e23b71f258cf08780abbbcc9cb3109b13ba9082362bdc5a020c122b5af2ad1ecbf88a0088d1a716dd4472386ac6d3efc114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93e087e51d19047b37015d885f016735

SHA1
d2479b47e06475d1a945d7c9f1c6e6b836ce5058

SHA256
f9edcfc3e503f3da0d7137ba108752fe5b486159540c4dd8c02e8e1e19a0dfd4

SHA512
7506c15b31ef0fd4b8d48ffa914c66e7f6dfd87b92479d91349730a74c610fae37dccfa44c698209a0569d0dffd55ea872d93aff82d2485a2700e862e814fa79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8d124819bf1a7bfa2ee8b75f57859a17

SHA1
4caa88b098d037f2328ce2f589553fc6c1035642

SHA256
1e0191e166dc58b982d0e6ba394c143d211d9f8de968143bb578ac76515def27

SHA512
bd55109396c700133fc3c73a6f7a3097e3133fd31b5000b49b03c358d86b6fa4ad2b6d2c0631e039392075a0bf07b0f8341a4cc5db413f9a68d31602f1457a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit