hxxps://meetings[.]hubspot[.]com/justin-passero

Analysis

max time kernel
32s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://meetings.hubspot.com/justin-passero

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379885804890560"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 3376	4068	chrome.exe	83
PID 4068 wrote to memory of 3376	4068	chrome.exe	83
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 3188	4068	chrome.exe	89
PID 4068 wrote to memory of 4116	4068	chrome.exe	87
PID 4068 wrote to memory of 4116	4068	chrome.exe	87
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86
PID 4068 wrote to memory of 4936	4068	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://meetings.hubspot.com/justin-passero
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf529758,0x7ffeaf529768,0x7ffeaf529778
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1876,i,15178019374055200378,3188863130379278877,131072 /prefetch:8
  2⤵
  PID:556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b06e45af1bdb0d373c8709a786f965cd

SHA1
cb8acf2ceaaadd12a431aed30c1ff62e99e85e90

SHA256
33bc806fb6dc94798345287f493d8a0d34765c191c31e9171e302d3e8d326736

SHA512
889b5f643e219083832188a0c6d527124b2b5be085adc008086d64cee626c718f9bce89358b62d9f7b52b6e81c273158b35aad939c776563ad7ffee9cf2337c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8643c83f6dd0ea34d3c9b01f24e8a3a7

SHA1
254c18e9add7a4e05606ca76aad1fdb23c4b831a

SHA256
8b1269f90a24496fed1b647168ce4ad65ac76521b6c55a2bf9458af633173915

SHA512
3d3629acc88cfb8afebfaebd5919e46d4e53859c8c0d8ff05ec849c594b88f093ffa536ce7752156e22f7a151ba8af60a57262cfba3e4cc98e6eb9e43ba83118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4bac04f1e44ab20569c08ac65cd82315

SHA1
b9fa639335272f955c1baa24c33c8552c4f78412

SHA256
9ef8f5468e33badb821829fad63a802bf1a0852292630d3e71e246745a33fe65

SHA512
77f41e26101b4f8387e91e9c0a9fcf419ede022984ed8c983b8e70fb52757e3b6918b960432551c723155ba44534d24e72d7bd8ecccd57842b464a643062ea77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a157097ca6192f7e032352cc987bf67

SHA1
ddef4a104d77e54df680d2cb5d12e61cec18db29

SHA256
b44a6507abe0fb1d5864ac68e8296b52d0003ed2ccb4b6c50b45029fdf4c7e15

SHA512
6d79dcbac7188418dbd534d5b8b37f5e4bd53ad50a58b606c91bc21cb7df7a39505083ae1c311a34176b7077b2eed911aa279230b37c3d0db9946b311c06c121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b2accd93f50dafe8107fac965f4c054

SHA1
2e4ec00eef7050f893ca0a3de8877c602fd4a262

SHA256
3434504da2a733af35d5c359b35bbd25697ac08247406e042ab4fab4992c4494

SHA512
588fc878b9675b6f1dcbfa96ae47324706cabe99d5e7e8abca7d192d4903dfd04b40ecb41226e0e3b5d6e1c48c9cb47baefe9359a4cb4577f4ee9c789874e729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ae99fc71b7d8a14ca9394d7243f90f0

SHA1
e6ea5e3326fa386b3861b1028d57755caf2fc86f

SHA256
d6ef1b4c39e5d027c913ad0b8d4c25ef731641953137029e72ad949b2c129325

SHA512
5c07c54b1550434f6ea52bb34c7b3e3a2f77e0ee76ff84bba332bfed63c89076263b52ae78d2ef52b4c79de1ce8c5a8135b08f123c239dd717dc364da281cb5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e42b69ca7a592b9041ad5e857468e1ee

SHA1
698cd47874a4205456c01b026e01c1f73e945f42

SHA256
5d66f53dff48fb26a81aec9ee1c9d13699576cca7ded5acdbb49c1fcb9b2dc74

SHA512
e246e5dc57b25ec3b6c16c3f0b288b43ebd8c8e3f032f279bdcd61e55d58fbe5ae2358d846b9facbed3dbf3283e57525c9ef7611a97b3102d804e9e648aeb060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f219e5146f0a7f3792190ae3a0d57cfe

SHA1
b39c6cca7d7e9ba38a034282e6f92b78edc69806

SHA256
79694ab6b3175dfe06337ed5a8180c67644a23bba66f264b3449c06d01b190d8

SHA512
b61ef3268b7f562d01f524e5d22bba8042b2f31c8140192cf041d7f5a0ecc2deb16ccfba183ea2d94d42075125ac91537db257384cf94c8aa41089315f4aa949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit