Analysis
-
max time kernel: 149s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/08/2023, 20:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://pl17096785.highcpmrevenuenetwork.com
Resource: win10v2004-20230703-en
General
-
Target: http://pl17096785.highcpmrevenuenetwork.com
Malware Config
Signatures
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133375552252935527" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4520 | chrome.exe
4520 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid | Process
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
Token: SeShutdownPrivilege | 4828 | chrome.exe
Token: SeCreatePagefilePrivilege | 4828 | chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
4828 | chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4828 wrote to memory of 3868 | 4828 | chrome.exe | 83
PID 4828 wrote to memory of 3868 | 4828 | chrome.exe | 83
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1300 | 4828 | chrome.exe | 85
PID 4828 wrote to memory of 1848 | 4828 | chrome.exe | 87
PID 4828 wrote to memory of 1848 | 4828 | chrome.exe | 87
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
PID 4828 wrote to memory of 4140 | 4828 | chrome.exe | 86
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pl17096785.highcpmrevenuenetwork.com
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc47e09758,0x7ffc47e09768,0x7ffc47e09778
  PID:3868
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:2
  PID:1300
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:4140
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:1848
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:1
  PID:2424
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:1
  PID:3140
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:1
  PID:1924
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:4312
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:4988
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:1492
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:8
  PID:4456
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3776 --field-trial-handle=1896,i,8592562519807000734,2563366367455457924,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:2020
Network
MITRE ATT&CK Matrix
Downloads