hxxps://elements[.]envato[.]com/

Analysis

max time kernel
41s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://elements.envato.com/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377244217606848"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
780	chrome.exe
780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe
Token: SeShutdownPrivilege	780	chrome.exe
Token: SeCreatePagefilePrivilege	780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe
780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2648	780	chrome.exe	41
PID 780 wrote to memory of 2648	780	chrome.exe	41
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 4792	780	chrome.exe	86
PID 780 wrote to memory of 2964	780	chrome.exe	85
PID 780 wrote to memory of 2964	780	chrome.exe	85
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87
PID 780 wrote to memory of 2572	780	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://elements.envato.com/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2e179758,0x7ffc2e179768,0x7ffc2e179778
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5028 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5076 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5128 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5016 --field-trial-handle=1972,i,9000508892456465225,9409690535266507120,131072 /prefetch:1
  2⤵
  PID:2324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
62214fb10acb297676efae1f34d3bd1b

SHA1
b2ebf65b9963a639adb61e8356466c6a97afd6e5

SHA256
b62d344f7f6f1285d642e4c15874ae6307b06fcaa25ccdd574cd71ab07ed53a1

SHA512
f16174fcdf5930e59a7adfb5a0bb396d06ba70ae272c93582c20b9b24d8da15e6bcdad9c3f0c0bf52f25e5b95069dc2b6af2b09296dc4d2c181c4e7446b6b1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d99f8860e32442437c0f3d660936fcc

SHA1
7674b40d8eb3782194cbcf8c7267f54603df51dc

SHA256
99c59029d4726d0762efe21f2d3d51308b32b4fa0c4d4a48e50c8cf9aef89beb

SHA512
7ddf2b556d5fe6ed5d570225c510dbd273dbb01530e201352c5341c4188dcb83bcfa5f0ca113922b0e72493c0cce012012ffcaa71ababc8edf70a917f2b4b1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b5d7b4980385b9f2c26b205742e6dfc

SHA1
77c550928c14e9729364d4734d506d44cd385a74

SHA256
fb86e74e40f34ca367f2313c6a15c9d46fb0fb348b96bde6c771dc3a01f9b64c

SHA512
3a85ed02133a5d387dce0216fac78033c81bd32a85d7f7709209130c26153f243c900d61a2218a81551536e67ad4bc6a03384784bbad4fbf3370b34c41171871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e62afe21fdb9345691dc9e8dfbf9f0e3

SHA1
c899c20d66e68bddd2e8357291dba6c0b139dbc0

SHA256
c041890c7effca6e592fa4449e60e73455c5af2132b99e9c0decc0ae10ef954f

SHA512
9a43fc28026f87c1cf8ffbab707fdff9c18ce4a7f1129a2894e52a1d628a56362c6b1e38b01c66e73d004289fbb5f955a5421f69a5bf3759d3d740923a11793f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit