hxxps://go[.]activatrade[.]ca/openr?email=redacted_email&fvid=darsept22open&r=darsept22&optinpage=6CheapEnergy&subtype=stocks&subinterest=general&dlcode=&dlname=&trtype=

Resubmissions

26/08/2023, 05:27

230826-f5f9zaad2w 1

26/08/2023, 05:24

230826-f3y21aad2s 1

26/08/2023, 05:18

230826-fzmjssge76 1

Analysis

max time kernel
131s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.activatrade.ca/openr?email=redacted_email&fvid=darsept22open&r=darsept22&optinpage=6CheapEnergy&subtype=stocks&subinterest=general&dlcode=&dlname=&trtype=

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133375010978145492"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2464	2624	chrome.exe	57
PID 2624 wrote to memory of 2464	2624	chrome.exe	57
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 3856	2624	chrome.exe	84
PID 2624 wrote to memory of 1084	2624	chrome.exe	85
PID 2624 wrote to memory of 1084	2624	chrome.exe	85
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86
PID 2624 wrote to memory of 552	2624	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.activatrade.ca/openr?email=redacted_email&fvid=darsept22open&r=darsept22&optinpage=6CheapEnergy&subtype=stocks&subinterest=general&dlcode=&dlname=&trtype=
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadd99758,0x7ffdadd99768,0x7ffdadd99778
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 --field-trial-handle=1904,i,2022540378958664556,6195093999217037303,131072 /prefetch:8
  2⤵
  PID:632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
b3ece8f71fb7e6ad7c9da11857c1a029

SHA1
5e8e0a2c41e79be94b55f5bd1f61cb35d9bdae71

SHA256
37b7e3425825a5fabb75daadb13b986e7a7ba5fda77cf0a5fc03bf9473eec9e0

SHA512
ebfd0e27fe48ff2d390c139e6e2a37193fb87d272d4950affb97fcbf79f2b089b132f59b54e405b4d775ec992fb66db6ab3720a5f1b77ff495f91835492e0958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd3f275410a946999bc663a815524165

SHA1
49838c3f33e254ba8dfd131a5e59eb971fc35a5d

SHA256
bd2fcf4005f9b6b0b0180dfe6f2edd8a0a5e4995ff888ecf104ce7ec92c6f3ae

SHA512
00aafafb8604bd2ee1c95cbe52e96738d833f11b722c82b9b3204438580a09fcbdccf9b7ecaa97c94e5a0725d4c85b5e437f3018c16b6670f95c96d950068e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
50855ad2a7a7b29040f4c50986441c88

SHA1
1f4199aa7f4151900e7d5357c6ae3b3e7e22c641

SHA256
45b9b7fa81ef2c6cb1f21fc832a544d89979570a7c7a80435d22ae5760e911a5

SHA512
9e9c9670e6879ccfc686accf5d8a85ae5afb1ff6a8ec49242d20ee86e5651ec61b4c63c3e704de35abf28c26d84c266b15732d66aab66ed10ef53182c03694cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit