hxxps://www[.]volvoce[.]com/united-states/en-us/about-us/events-and-initiatives/the-utility-expo/?utm_campaign=tradeshow_

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2023 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.volvoce.com/united-states/en-us/about-us/events-and-initiatives/the-utility-expo/?utm_campaign=tradeshow_

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133375112824907546"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
1704	chrome.exe
1704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe
Token: SeShutdownPrivilege	4176	chrome.exe
Token: SeCreatePagefilePrivilege	4176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 1604	4176	chrome.exe	83
PID 4176 wrote to memory of 1604	4176	chrome.exe	83
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 1092	4176	chrome.exe	86
PID 4176 wrote to memory of 2976	4176	chrome.exe	87
PID 4176 wrote to memory of 2976	4176	chrome.exe	87
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88
PID 4176 wrote to memory of 220	4176	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.volvoce.com/united-states/en-us/about-us/events-and-initiatives/the-utility-expo/?utm_campaign=tradeshow_
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc12d19758,0x7ffc12d19768,0x7ffc12d19778
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5036 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4908 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,5326939796133315884,4911324914481709338,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
09a72191c9fcda54bdf65ac31fde3176

SHA1
b9b359afb675aec84bac527f3c4a83026fe3c843

SHA256
d09c8f5b448ef65de533ed9488dbbb99821c68f776617ee0848576cbe70f8b82

SHA512
6e646245491f3d0450c5b19cc4c3c45963300ee3abb7013f91b7c1410752754c4bfdd6d38f580987dfa3f62e3fa8917ba799c60999a9f0bd939d7fa0445d5769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bdde3cab2b0af2520c084cc732a8b2b0

SHA1
e89dbd7dd78526b67228e96e73325b966cda96c7

SHA256
8f6858799f5f70ff8ada9fc36c004bd3b5a48ab54662c4c41a4d37ae301a0d9c

SHA512
f8effee0953809241c82a0a490b1452fc2549e00944e1e3e16e03be02644c686dd78ab7f6c2c139a3e5d4cf75ee2dc1fd93075655e3595524540848f0c5180ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1c6e20c62427e5086edfe4273d37f9b9

SHA1
9ca78f3e2cb1894bf09e0d493a56723cf74f2102

SHA256
a1fb27834f26052e704e5fa65d0522ff5d85fca76a758fc262fa4678135c135c

SHA512
8200bd835d366023e475f1f53349976fa4862f1d0bc985db5619633703702e13315b934110edfec4da0c2e54e5668f01ee9124dd834c1e57a5fa77ead0f954a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ccbfd036defd7fee261fc2175a803c31

SHA1
4ca15ba57fcb306934ff02d864e959aee6d6afe1

SHA256
724c73028767e1bb6297345aeeb74e7f25b95c40af490acbdd287e0ebb750591

SHA512
253c42a156e793faabfae39b107f170920dcdec5a925b8737f69eeb0c1a48c4e551409e35a621ac9c73a5625b5989e00a869a76f60d958f30536f8a0e810b905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
13382f134b06440ef754208bd7219922

SHA1
f9bb6167341ca25076bf24fb2062bd058bbc0dae

SHA256
bbd2d0257e306e29b482d5c335ee95a055efe00d7bb9a310f983ac1dd31ac2a7

SHA512
1455f82427829c453ccd80e42d82f81d720888a288f777e9d3247ffb1c2650875b8f1d7b0da6eddf7c792886261046047de5f98549703ff1326090311ef79b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9d68db98f9b56053d385da81a8e34aa4

SHA1
72d4e21221b4d695b91148ad650a314b07cc13b1

SHA256
7faa131aa26b21c9f63397f0cfa45248849e2141598cec56d37d592485b5d2e4

SHA512
63780415fc28cbd214b2d3ea60e91bf0dfad678ff7ad2417b269c58beb11a8fbb1d7fe7858aadebc04e9002ea0b454897faef004205c9995dbee1017253e2faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
94KB

MD5
fd848baa4c43dacf2f31f716bfe7dea7

SHA1
5b8cb1a762011e34203efbad017131a3a92e8b1a

SHA256
94f3fbd7a107ca97abbdcb334007d87e2ddac98b8c53d7b99b2753995341c6ee

SHA512
3a7637c028baaa73dc81288c35aafb28a72dc6bc6d07897f2f141da99997e61e266fb9f6eab753c13c361f243f762d3caf6233301f682d2ec411406409bf8e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit