hxxps://roxana-print[.]com/bigfoot-is-more-believable-than

Analysis

max time kernel
157s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roxana-print.com/bigfoot-is-more-believable-than

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377736261245122"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
3340	chrome.exe
3340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2212	1148	chrome.exe	81
PID 1148 wrote to memory of 2212	1148	chrome.exe	81
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 896	1148	chrome.exe	83
PID 1148 wrote to memory of 2628	1148	chrome.exe	84
PID 1148 wrote to memory of 2628	1148	chrome.exe	84
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85
PID 1148 wrote to memory of 2220	1148	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://roxana-print.com/bigfoot-is-more-believable-than
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbcc89758,0x7ffcbcc89768,0x7ffcbcc89778
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:2
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1756,i,16620483056210748932,10755333284079416312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6520ee7bd6dcf9ae2bbfe98a680298ff

SHA1
f8fe2f0272692a45f2377c33a60f2bba331540d4

SHA256
7faab2c55bcc962babff1f60d7350bbd2069343410ce978838be8a302884cb8b

SHA512
11b11c01f73b31544755cff802f9e20ae63b2a53a76b758c6006db4933ca124ce60fc51232734309043fdd37a6476e5ad6ea1409d91f93a99b1be472d4001e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fa6e4f4743a88eb272cb992526970953

SHA1
479a4aac2fdf5171ce3732b8df2978d5437cf428

SHA256
e892de8d6ef1a1856e32ed8a9cbe68183595ccda2284c6c85e5ca610c0ba0756

SHA512
441814246a6b0c34d03153fa9704b0933eca7f574a930ecbd9aea2e60ec1c5fff07086cbf76492a94d791f1ae0e52f670a8663c8e49334bf5439f95d7b1ee3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff034826003524c09454d024fee1dad5

SHA1
b1facf525631bb713a1911db960de58651703b84

SHA256
27d63b9fcb9df4b79f3d7e3f3798c2043fd8b1a4c511efd6383820965696bd6f

SHA512
09ff787f4e71e5eca34cc4b1e14c595b55e9703da319f972108a00e8d66e8e46c26da10a28c33b6c4bed3b0c9e4bafafc3091dd9da983f798e74f8ce38551e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7faec5a8ab1e45ab3be6291d3c7772ff

SHA1
5cb05eb125e7ca0d4c55c3aa96eb014fb5c678f8

SHA256
37782f3e8c8e04bbc4e2527c7b7caf3cb14c4e0d1c6d08a0986b7161ff01da4c

SHA512
9e111d7828b6dd99cb2868b46368ce1603827c6b3bee28fd4aa0cb08dd82ca09b3c967f53bbf401f42cd87b6768527d28cd095086cd8cdaae9e246ff8a5322eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d319c31796cc380435cddef13c991d47

SHA1
c36c1efca615b1b5405ad4087931a1fd7989880e

SHA256
826e9c46b6465736422ddfad2e4e2f4eeeb95bdca24e2e1a31e5d7ad5be32421

SHA512
6262fb9baac747e68641d4a9ce56d7c729b1c0b85500b33d3a8b2706960ab3beb99726bc658917c291098c0aeba7b642481d535ef3839928ad25551439c537ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a2a34ec8-662e-4cb8-9d3a-05c7e65ddeac.tmp

Filesize
87KB

MD5
960fbbf04b8fee1946c8f8782c897b77

SHA1
7506c2c3bd7652e9207a9300ae362b16d14e91b6

SHA256
6666be4a25d126c661e72b7094221e8575c49160d10c7bb365996273d0a8f45c

SHA512
371cb9e87a62bbbdd74be7f73aaee0636e53a3ee475ae4b1da542b793923e9b5c69eadc3c7a8247ad99b5a1d0f0b61542b6180df03b489a7ca114b141c568136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit