hxxps://shoutout[.]wix[.]com/so/14Oe_fk7R/c?w=pQS893vJyvc3jdrNzmjp6jbUdHe2LbY-8hC5Z2UuSVY[.]eyJ1IjoiaHR0cHM6Ly9teWdvdmF0by53M3NwYWNlcy5jb20vaW5kZXguaHRtbCIsInIiOiJjOGRjMWE1NS1hNjk1LTRkMzEtODg5OS01ZGQ5NTUzNmUzZGUiLCJtIjoibWFpbCIsImMiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAifQ

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2023 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shoutout.wix.com/so/14Oe_fk7R/c?w=pQS893vJyvc3jdrNzmjp6jbUdHe2LbY-8hC5Z2UuSVY.eyJ1IjoiaHR0cHM6Ly9teWdvdmF0by53M3NwYWNlcy5jb20vaW5kZXguaHRtbCIsInIiOiJjOGRjMWE1NS1hNjk1LTRkMzEtODg5OS01ZGQ5NTUzNmUzZGUiLCJtIjoibWFpbCIsImMiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAifQ

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133378418429093334"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
692	chrome.exe
692	chrome.exe
2388	chrome.exe
2388	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
692	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe
Token: SeShutdownPrivilege	692	chrome.exe
Token: SeCreatePagefilePrivilege	692	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 1436	692	chrome.exe	29
PID 692 wrote to memory of 1436	692	chrome.exe	29
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 1316	692	chrome.exe	83
PID 692 wrote to memory of 2124	692	chrome.exe	84
PID 692 wrote to memory of 2124	692	chrome.exe	84
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86
PID 692 wrote to memory of 4700	692	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shoutout.wix.com/so/14Oe_fk7R/c?w=pQS893vJyvc3jdrNzmjp6jbUdHe2LbY-8hC5Z2UuSVY.eyJ1IjoiaHR0cHM6Ly9teWdvdmF0by53M3NwYWNlcy5jb20vaW5kZXguaHRtbCIsInIiOiJjOGRjMWE1NS1hNjk1LTRkMzEtODg5OS01ZGQ5NTUzNmUzZGUiLCJtIjoibWFpbCIsImMiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAifQ
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa0249758,0x7fffa0249768,0x7fffa0249778
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,5210925369669247169,9869312593935331505,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
204c7cf0de55025c9bb1ae3a0deedf80

SHA1
01fb1a0612c57afcc5b41fc5c5bd8567a758ff7d

SHA256
600f8e0e704556deb8acfb2672d0c55b9dd1e9e8c57eccba8de6ec91f104dcd2

SHA512
ddd1921b2b64f7f30babac6e94dec8fa0b0f0b4e9f40e3da34595898a050ad6aa23087e42760da3af5fa64d000a81a4baddc6e2580b3e497e068bb28f05b346e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
32a1072554a8b85b26c37845871076ca

SHA1
7fbe785aaa860c35c949afafcb15cfc8990ed8f0

SHA256
f8211fc8740ffa4b76300f71e64e4f9c753a7c506970bdcadc664f952a0ac617

SHA512
b16e2b409142144cc787a4113ccdf6760637c7e7422d06e5a5ca6d32f351a3dbc10aca641b5346f4b474653df2483796b4976978cb9ce522ab868cf6dbba4608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
accdbcb49d4ff881c48690485c149fe1

SHA1
a1654459d29e3bfecec44b1e747024d8c30583e1

SHA256
34d4085b1ea4b2e2cff50ffa300f54aae468806c808eea4bdf58a1b9a87b0974

SHA512
16e162551a6f1f62abc0bb806d439250cbfb9751a6ab31b79957488fa177c5c20095b0b367b42293e2291e05f1cd2a5e63a4ffafbd7aed4d7ca20340c0e6ed36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3be617f8aba061dffad58eeea9b126f4

SHA1
1fea7459025bd9811d16358d51de36277abb2adf

SHA256
60f4f3ba851475991b03c3108ad28b420bb3a1fa6876e8c400b52f887efa46ac

SHA512
5bdaa5b36d0c929038c9c9a080bfd7e7148f5c5d0a7f9bd7a18fafe4c042ab4f3974c186682d36d57f34f62af547a41df296321fa5a190c7f14ec90cf38b12d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7de5a5ecd5d807ee6169d9f917b5ae85

SHA1
dfd4ef710e635a97b59eff3e83e264f896915c41

SHA256
6d35682cf6cc230a6a8afa698a092827eb5117fe58c4bea3d42d225af07afe36

SHA512
0be45cb3e72504a270da05ec4ddd69936ea949d2bd70ee1c4f47fd86857ed812c23a1addaa567f29ae967619783e6922195b80352a62ce784908496334961a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
84bf8bd90bbfd097ba4009bd5d5471dc

SHA1
2c22e39807bb9409adb2edfc755259f1f4b9d98d

SHA256
d5b5081233cf379687c3cbccf3e5353674d27b65d76cd2716c0796a776a978c3

SHA512
7e3987cadb0e7a4ccf9f57798dfcb98dad3b12d6b26587eca482f815119b768eeaab844bd8e54333105bf09b264eb6c102bc8c194da2cd303f5e529bb84989eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit