hxxps://streetgames[.]myportfolio[.]com/

Resubmissions

04-09-2023 15:11

230904-skl1yahd28 1

04-09-2023 14:29

230904-rtknsshb35 5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
04-09-2023 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://streetgames.myportfolio.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133383138793418379"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 5056	4288	chrome.exe	69
PID 4288 wrote to memory of 5056	4288	chrome.exe	69
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 4296	4288	chrome.exe	72
PID 4288 wrote to memory of 3248	4288	chrome.exe	71
PID 4288 wrote to memory of 3248	4288	chrome.exe	71
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73
PID 4288 wrote to memory of 3676	4288	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://streetgames.myportfolio.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaea7c9758,0x7ffaea7c9768,0x7ffaea7c9778
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2648 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=928 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4588 --field-trial-handle=1600,i,9440038113329606229,17926333281926360329,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f953803579e0b516d4fb32fdf7264bb6

SHA1
48257a760921b146e69af0cfb6f1a8f88afaaa11

SHA256
4cbba70077efe2d400a9c0f5c83c42a7facb2c13d5187d0fb1a4efd142505448

SHA512
50d71f3b7dd84f20619d3353033d0e0e611f9b6f9d0c80416b068ed1132f96c49f8cb322e3feeed84a382a6798c32987e78d72dd3290c70175879c751357b9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
ebe598e88341d932c6ac8604657bdcf8

SHA1
27e7d58e9549e1ecf9d23023656891c3d965105d

SHA256
9db4477cbd3eb73f15a1ad6f234cab3eaec682f54f3206428e41022af3c0b07c

SHA512
e1f437fb2e5deeb211fcac83e13806f57737e2f6406bd8f9b0287faa5a58606561eb43476fe7fe462947324164196880f4bf7d4d2770dc6434a59b821e95d0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b227a51078887b4a4fcb436c19e7721e

SHA1
1b62309b8d5d045f5220ca16337ed0990d8aab44

SHA256
056e9263700aa7d36652b50df78ff758f835f2aa045673460d74d806a64970c2

SHA512
43ba5952ef3229163a3171080ca30007dc9fa0fe003eb7549f172760bcccf28d1bbb1524b4155e05f60b201261b55850bfaab80c70ad1f52b9df942b28bc7c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ffb7ceb46650ac6a692a98d38daf1de9

SHA1
5e75cab63d8ba2f48104c96676577de6a194bf24

SHA256
98b7175b768fc0ae8d15b75e31ba1d34da1d8fc9f1c81dd688cdf51947c0acf5

SHA512
75cb0124e0ee549f8dc0b8060394116a7825cc10e47efe0681248cca6f3e3cff4b5e222d6f39562c821110ead2f0373f9b97dfaba22b0a0d4cd53c25954f1a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a9e2823f345bde5fc3bcb0a477ee8b2

SHA1
223afcf40d82a515498796a7f0671fa4ff32d5a2

SHA256
9d966477746324ad2c05502c437f872065047211e85969fa052bfdcde9a4ca9e

SHA512
726e02e3572a00e23b4daab9659ab7d4d6e8cc22f8ac234114a200aca34a65ec39c30ebafcd4d7ce69736f64fcbbcdbc361db122c8c6f960a13ae82bdac0ee90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38f50e65542a280b75cb963c3cfe6555

SHA1
4d18f8f2b2a905703ee3ae224353e6af5326e18a

SHA256
499cdde3ef64f1d1218dc3946d06e5b0f466c6ae3de042ad123221eff6443ce4

SHA512
31f238de8d64d2db0a1e1f811d43f546a80b42fd43a26158339cab07518524c65bd80af79c00b52c30dad083ab834fe07c146e1f8c3444279644f77b842c045a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
00d0b033e78d3f3f9032350bf8c52667

SHA1
612bdff039c769d59352ab2de53abad208ed4db3

SHA256
03a00a25e55dde111dde08ff5c5312ca07d14e1420fc5b954dfdee762586559f

SHA512
97d9ce9d412e0d08495490bc4892a6e80de4b779e5f2f1c1a7cf59d5043cc97bb600e6836e52c2f6d448880de0a75a2cadf0fcde839edf4935526ee4318edcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit