Analysis
- max time kernel: 150s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20230831-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2023, 00:26
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: https://auverified-selfcheckout.net/Autaxrefund/
  Resource: win10v2004-20230831-en
- Behavioral task: behavioral2
  Sample: https://auverified-selfcheckout.net/Autaxrefund/
  Resource: macos-20230831-en
General
- Target: https://auverified-selfcheckout.net/Autaxrefund/

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133391248132193571"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process     count
1140  chrome.exe  2
4528  chrome.exe  2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process     count
1140  chrome.exe  2
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process     count
Token: SeShutdownPrivilege        1140  chrome.exe  32
Token: SeCreatePagefilePrivilege  1140  chrome.exe  32
(the 64 rows alternate SeShutdownPrivilege / SeCreatePagefilePrivilege, all from PID 1140)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process     count
1140  chrome.exe  26
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     count
1140  chrome.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target  count
PID 1140 wrote to memory of 3488  1140  chrome.exe  52             2
PID 1140 wrote to memory of 4820  1140  chrome.exe  85             38
PID 1140 wrote to memory of 2420  1140  chrome.exe  87             2
PID 1140 wrote to memory of 2136  1140  chrome.exe  86             22
Processes
chrome.exe (PID 1140)
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://auverified-selfcheckout.net/Autaxrefund/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    chrome.exe (PID 3488)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa35369758,0x7ffa35369768,0x7ffa35369778
    chrome.exe (PID 4820)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:2
    chrome.exe (PID 2136)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:8
    chrome.exe (PID 2420)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:8
    chrome.exe (PID 4996)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:1
    chrome.exe (PID 3988)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:1
    chrome.exe (PID 2224)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:8
    chrome.exe (PID 1600)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:8
    chrome.exe (PID 4528)
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4656 --field-trial-handle=1868,i,7414375076228361178,5965180544580429832,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 3648)
  Path: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 72B
  MD5:    f3acaf37bd9943abf6250b34dda7c776
  SHA1:   9d57f7c2f1ec7ebdcb6199db0eed3692bed04aab
  SHA256: a0aa8a16e93ef4e762a557ab7994ffbb4156906bc25c8bf25e2548566c1c8773
  SHA512: 5675093bc61e9558c5cbeb0c2d6d9eea2424f0f9325033bcc82b02217634b755d828898d5a4b13edaedb8c03be6a4bbb4c293db0af6d410bd36415a8b609ba49
- Filesize: 2KB
  MD5:    6ebd07f0280b2131970d80faf9738627
  SHA1:   6ec5f9dac7a41abf0e24d229ae4f7a81f56c42ac
  SHA256: 4c17fc92ceb8faa757a21562ef5258f873f75f93f378d92bdb2231faefddd7d8
  SHA512: 1a2af19a6e66203b08763af5dda3da4a0e38377864c9fcc1061da7bf406f930586e5a4b48ec3631989d8ad4f5e0496ff64f6d10bdefb12e1a4e50ae6351a268c
- Filesize: 2KB
  MD5:    5981965f7ef8ef6eb3317f392ae7dab6
  SHA1:   572741896204303b1c0032693ed56e56615b6b6f
  SHA256: 7f1e1127fdc6a6697802a244d5b7298e53efdb00ab52fe8b7606cb191b554326
  SHA512: 807619caf044dac2274a5f323a7600b29fe86c5b78f0d8d631617df6416fb063758435036babc9353d5c5919a012546b8d92af670a0b51179ba39d45d2f49e69
- Filesize: 1KB
  MD5:    baa5185cae50565b21911a9612ff2358
  SHA1:   4b0923b8c9abb2713c82b340c9211f2fc2cebb25
  SHA256: 36cd473f8a939ed5f2cd8fda5bea4099ed0ab96cb46ab0b0e45292ac48882529
  SHA512: f6b1c4a018e6acdadf272b32e6b8b45d59a3616c90827050254e2dfe8acf54eab2ad0c09f3ec897291386114f4e3be67b88c0a22ed4b11a8189ce2fb84578235
- Filesize: 537B
  MD5:    2190bf54405e246d7df7d12abe1396b4
  SHA1:   15fff85bfe0af8578a367ddee1d7d35f57040aec
  SHA256: e685655e449d6082dd94a11792c418842138dab28ffbecb452a1fd9e671e26bc
  SHA512: 8a4691053133276df08f75bde869da62e89ff5545b9cbf9993c26344aa671dfddd1f2249911d0bd6dd80d05b7357bdf7dad480201b9c30731bfc87e66812308c
- Filesize: 5KB
  MD5:    bb7a7b720880f352fd39175073956d19
  SHA1:   7a19c5a6f9940ca6357b7c0d43731bbf8bea4738
  SHA256: fff9a9cc80775b52c34e2add350996aaa057f99c423f0d6d465c60e978dfe257
  SHA512: fde4bf2b3eb29113029fca2db603dea93f7d7786c663beb837fd850c0fa778b0fbf9780d34a8a6b94f71b825dc20d1ba2a0b3037e653c1afae1cba9a2ff885e6
- Filesize: 5KB
  MD5:    0884be8a48eefb666102705f5960f895
  SHA1:   761711d65f39c9ef02140a44517e6c231fb9e3ee
  SHA256: 4a5e019c3f803f5ae63e921058267b6ca6190a84201d096167f397f5816f74f3
  SHA512: 8b598472c46444a79bcba392037e5334044cd0ee71ee5eafe425be9e68af33c9613b3dd3b129e6bf4650cf12138019ceccd3dd32d53da39d57eff3b0ce78bdec
- Filesize: 6KB
  MD5:    28931b4a04f344a62f32090a7c387ef4
  SHA1:   f217baf0672e189c13e750c46c3e49298dd61594
  SHA256: 6698039045002a904d8581d869697a140cbf82af05715443ad14000aa3b082d2
  SHA512: e43ad784b86790f99478fd01457e95200822d442ccb0fe070f49120da8776f9238f6583065b3d6b2618a4260d3dd37d1303611e138841da0e7e05e2f5b86e3b3
- Filesize: 97KB
  MD5:    c51cbb3eb38d0475d5da417bc79caa26
  SHA1:   5111c15bd291ea8d42dbd52f775d4c5ffe93992d
  SHA256: 82fd9e6d6ed2160717e7b40211363f0705a0ba1285ce00d83ed3af63dc89d527
  SHA512: 9daff1a7735bc258f806dd871d4e56c40b8f35b498d528750cdc6f45a62b4fb16729529152f5118eea9e127a0fb124a8c9040f33e209b34b995f1c6679661c4e
- Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd