hxxps://j[.]mp

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://j.mp

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377215439262772"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe
Token: SeShutdownPrivilege	4016	chrome.exe
Token: SeCreatePagefilePrivilege	4016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 2056	4016	chrome.exe	68
PID 4016 wrote to memory of 2056	4016	chrome.exe	68
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 4916	4016	chrome.exe	83
PID 4016 wrote to memory of 436	4016	chrome.exe	84
PID 4016 wrote to memory of 436	4016	chrome.exe	84
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85
PID 4016 wrote to memory of 3576	4016	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://j.mp
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe379758,0x7ffafe379768,0x7ffafe379778
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1860,i,3040006974004741716,11628925724346022153,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7c58d1d313f5d0c73ae80dd7236a98e7

SHA1
e166b2d5553c9b0c029eaa6b04e45cf53545fa1a

SHA256
3742ad5abcae4414ee9dbd2073b1a9076b64e217b17e7bc6ebb5eeaab50836aa

SHA512
9f3b3d0fb8229df5c24eb4f92d1287cd29a81e609de6b1e32372b079766a5de53eacd9aece2e25cf4040d00edc1f9d4b6c4ac1be531328c38c40615ab4d2386d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
219e420c011be58687afa4540c93e06f

SHA1
348414fde8165d18987d548ef18d7012b37f4dcc

SHA256
1241fdb4ee6e8ac13a20f4c2129a81504c69d8a2155469e7a99e767ad730f7bd

SHA512
83cbe2a68eb52a9efbd22e324acda7aeed691d6b6a88eada39503769818fd52698713eb4f963606fcd40f8856f1c82f2d40f20977480ec0ac021c4f66c257994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d230ee43a58a4098798c5f4d3e7661e

SHA1
097de8a8473d17132a7c0ab80bb65b88f21b3e05

SHA256
c0c1e749869e2cec817df332c3c1e31467a7d0ae95f9a394736a277d13184cf8

SHA512
c5bec0df3e7487a5eed4bc8231b331baba4ca051d44aaf0224af86fc26678216a2348b7c12a328f882db30184dfa97e803a211882f1b0e4fc475c9befceffeb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd66f047c0d80d8f37a94b463b6ba323

SHA1
36852237a1fe2a331c15fc43d019408d32b6234a

SHA256
1f5841f2acd2ef4b18827afff5a418ce458cceccab20106967a2ff5b1ee3ae90

SHA512
3b927004a27aa739a6d22637b7787c44525c6d1da90ce328f05cab8465382476bc53b1488ada385e1e32395d1bf88446c7fe760ecd6cf877364cbce963d67a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
504cce45bc0cbdf9816bba05c7cbf9bf

SHA1
7930dbd3ceb1844db2e877effa7c33e6543eca72

SHA256
a6121428de15797af2862d4b4f21b568e269fe3019bb3cbc9783e39dc0807b3f

SHA512
c35158ce051207e093ed65a3f3f3ef41374518bb17b79e98cd21b840b321de6152d1329adce94bb10650e5e0eada382793632a124a0bd1aa534988b2161a66f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2450a4f9d903b07ec1af2dd794b697d1

SHA1
efb2466c151e08da5aae5c57994ac4701db33ce9

SHA256
93e62d7fc2feb260d2d56220a957075a0f2206dc309be040cb77667d6bbf9d61

SHA512
475697490a769dda7ccf2aab286a576f9cc3ead57ffa628a43cd55fea57d74caf6258eacf7fc7e7d3c6e42755299b2146c0a21883cb316bf976be75c05afed9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1468407e2433d8b36097dc8463bafd18

SHA1
b165b6aab1c287796c0e392be0e91431d80b82c6

SHA256
3753f486b9c23ff290d1359ba6fde40bd93f5601a019df1744b3e7a54baf025f

SHA512
733c2bed56c24f1b128da964291959cf1493bc6692d76dfdcd7e48d077e5944a70b86d115103389e4c07ce27cec74c9b0fde27bb70450b5a6a484044977a570f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit