hxxps://templecpa[.]imaginetime[.]com/request/file/ab84c11238e2d70166b4cbc5

Analysis

max time kernel
106s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://templecpa.imaginetime.com/request/file/ab84c11238e2d70166b4cbc5

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377978088778396"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 5020	2712	chrome.exe	82
PID 2712 wrote to memory of 5020	2712	chrome.exe	82
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 4104	2712	chrome.exe	84
PID 2712 wrote to memory of 2624	2712	chrome.exe	85
PID 2712 wrote to memory of 2624	2712	chrome.exe	85
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86
PID 2712 wrote to memory of 1104	2712	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://templecpa.imaginetime.com/request/file/ab84c11238e2d70166b4cbc5
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0fd99758,0x7ffb0fd99768,0x7ffb0fd99778
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1836,i,12700286844562016509,14534042064452684833,131072 /prefetch:8
  2⤵
  PID:4032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6ed99aa33c709ecf74085b8b28f005ee

SHA1
a8af3bb9154801332732e32fe3385914a4287341

SHA256
377386ec7580742ebda4bc7b1d6b7b25dd3540a1b652583ab462f3b55e0c34f1

SHA512
52827be7d6e62045fe1a35fd24fd7213a4e2749ea2d799a4bccbba34a9b4ce8ff338484d445edbd51aaae055a20bc10d5b39cd2367e5a596ceb268b6a91cfb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e3f3431d67d109b5b43c072463a927cd

SHA1
d8ea4e04b5ffd13589b97249d539f413733b63e4

SHA256
e633947b71ea7c9123ee1b1545b026c904803f92aedd3ac03912af7033a1eb9d

SHA512
284617576b09b69e5a1c458d4213afe160a8bc0e0ae595d3dfd2449f9b00f5f8edfc0be5136c0d7099d2de27ace12bc9e3720e947b402640f200ebdbe01fc2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
eb8579bfced315a31efff43d1f5191e9

SHA1
3e7eaf6cdab31e97fe0264e5428cf0169445e820

SHA256
014e952140dcb81ebcdfebf45e99a805cafb93277c3c5d69f19d4e123d0a71cf

SHA512
1d889dce85ef0ab8019c051ad9b3b1580cc0da2d939cf6798d13559d178f0d056d78dbac09164f6adbd12c9eb5d3d89948b136ce60ff840dadbdbf21c4ee6b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8615a6b40c0965a531a4544e4083f880

SHA1
839b5e07d659979037232347a9e4ebb5bc385f63

SHA256
8b54e59716ca0d124564fabedd4d9d7ba6a7510bf5faed646574a3e5a5c68fae

SHA512
4dbdb213b0afa0658033af526955796fef3f23627e4e453c2a446fe2d14b982c50bdf773b7e1f884f4a77b3d640a7d5095fa2af34a589c33aef32a4971d38d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
273f318b30a721cd0589c98cac686915

SHA1
7b00c085dd5fae7eae4c7fa9a31513807d8870a1

SHA256
edf64eefd62416d9328729d15ad94665b5449b0681e7860703b0131c9e197ff3

SHA512
c66b1e5cfff3cf4fc519ce18688c4f30ec3e33f02ece112b0e838f70437901b6d6d2a36eaab6a25cacf6ea10cfd4909e6a5c35348f355b3cd27559032bc89194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54c22028476c476bfc53b0ca27194bcb

SHA1
044145d104501a091daa72987b4457f664cdf2eb

SHA256
fa9de362740adc1bb112004ff7da97cecd1724913c305dff6682e5574a847a4e

SHA512
698985ebe85511eb0f5ed4e68252ce85d05389303f5030daa86bb2175ffee3ad46e0810eef7f131b301ca9b971d8e6edaa6f48e7fe129ebdaa3901a319651863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
3899e1312f72fa3d088ad0329ad3a43d

SHA1
4ce4e5ed631ef43310b548cfe055cc2875ce63d7

SHA256
20de9d4038da047482b224812056bebba58a2933c93b169cf646d9672109d4ca

SHA512
7ab9575d139efaf77b8af660dc38df100e1ee3f4743495b87f6ccaf8aa2d7d2d277a6a8cf7f7b147b0579b4b99f2786a6a03f53e7e504bb9c007e993af873bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
e648cebbebdf30f0710d8673254fbd86

SHA1
3b6510f1ae1637ddd0f31300e358d04f1bcf6c56

SHA256
02590c530af9355add4ee747ca0fa71a55a259748caad212809ab079cf7cf7fb

SHA512
f112414eea54e2aa36d13e68a38399ad253ea6a232be40ab928de1af752c828642e6743bcd36c66c0eaed8b973585fb4250b0bc9f060a2a5be3b4e3eb0e540b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593483.TMP

Filesize
104KB

MD5
347c6e20dfd93079b67240fcb385f902

SHA1
a667a69c0040fb34a1ee1fed46d2631fab637af9

SHA256
1f85c36ece79cc11f2bc367894ff3f1c04628bf678b4ff3f4a010c21903876f7

SHA512
6e18251f20365f02937ffce80e32b0ebaef1b2e27e85ef28b19ae37448ee93ee95b1a70d24c3eec137ac3961570dba209df403829ca0f4193f69ee4a314936a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit