hxxp://l[.]linklyhq[.]com/l/1qdno

Analysis

max time kernel
20s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2023 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://l.linklyhq.com/l/1qdno

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133395253796838478"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 2948	4520	chrome.exe	25
PID 4520 wrote to memory of 2948	4520	chrome.exe	25
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 552	4520	chrome.exe	85
PID 4520 wrote to memory of 3364	4520	chrome.exe	86
PID 4520 wrote to memory of 3364	4520	chrome.exe	86
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87
PID 4520 wrote to memory of 3956	4520	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://l.linklyhq.com/l/1qdno
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff69819758,0x7fff69819768,0x7fff69819778
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:2
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2560 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4956 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5048 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4024 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5860 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6052 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6260 --field-trial-handle=1900,i,5522940988206348138,7759022388065208645,131072 /prefetch:8
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x320
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
181KB

MD5
f4d077fdd3bad1c3730c23cc2dea0538

SHA1
55bca2302e887ed5e238ed93ec228b46cdfb7d7f

SHA256
450d9f7f377f988975ef34a223a85831d1f9f862d5052f834efcda8146142e3a

SHA512
0b3754e2c994e97be8e84d3b239661bf08134d39921b4a9d1e41d26c2779c5ac5a106f71ca2b7bb6997d6ea1457d1225414129a8826a9a4388b7ace66cc008cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ca0c1c46bf2aef446a084ae8bef5ba7

SHA1
602fe2674ff05cb32bd68d217a2eb308b4f085e7

SHA256
8d4c088189eac4373a38792bdb0714854082011a0c8ee8a8512ec5762537d3bc

SHA512
7245baaa4c57291af9e785d5e2246c665fc8295719a0a39a94c8e35060ac107da4effbb9feb65e8c14a410e8450bf4b2d6b9ec6d1952b898ec25158b28e95e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4ad234da9a0851cbda76c8025496de84

SHA1
e8092560d9242d3f004e9ff10022f0f26b71ca51

SHA256
1e86c42e18c7fa3d09c068ee8611bae5d27cbb64e204420f90e6fb1f08bd7e5e

SHA512
3b5b6f7e1df6e05ecf035cedf395f60a08847f955e11a7e9fc1f25ac0b230805af74f5abcf288fe0e79805c504ae05550b22f5c26cda153856aeb0a19a3429a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
548c2805e7d6bb9fea94afee361c8379

SHA1
29cf091a09a54b95cc508664d2933a3ba1032579

SHA256
fc918efe8dcc0df3f944961438b543a75803e0f38c08e838d97324878ec780ba

SHA512
4c9c5c3c0c00bf374408b06a86f1880eac17631e0a3de610f8527ae8c4021f51a1f9bf06e27d13655df9df650e6a972a79d083375e8a2f38929a2b8e02e15bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
10e1eb02d52a66642006ca3a592a139d

SHA1
766b52131420575b7fbb8d780e741e4c6f7cce1f

SHA256
4f5d461ef5825c40fafd862c12333bd7bfaa4418361b4cbbb54dca625bad5483

SHA512
a99ef422f9ede8a980c817700a72a05be983053f93312bc16380f23e668b9de1e97b4a9db681bbcab2d8513fc3748884c63b13e526c0621fd67d2c4471bdc545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
c40e4029ed164761d14d210b47b77b14

SHA1
b33af61d838cf095b6132cdf6928a49621308c1a

SHA256
8b63afc86193d258545007c844c1902784a8cb5e602bb628963b954e214f7ed1

SHA512
8761cee88e9d421e922b300fbd8f312df0e707bc4da26d32e6f775f7923a5b23ac90f0279070d4e7e5872265256186a09d51afc4871293b49d9194afdb31c663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit