hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa2FiaHl1WDVmOWpSa1lXNmtVSWhBc2p1RjQ5UXxBQ3Jtc0tuVENiX2ZUSHhqbFNrTzR0MW1TMDFkS202OFBmMXkwd041VTFEQ1JLY2lRamhCOTdUMmhMb3NwTGx6NnhMZ3g3S3ViNzNUSFNCM05hbEhnaF9HU1ozZTBMZVZPOVRfd0pvQlUzRU1RMlJjWEpOUTNyTQ&q=https%3A%2F%2Feasyxgame[.]pro%2F&v=AaWuXPAAPkg

Analysis

max time kernel
19s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2FiaHl1WDVmOWpSa1lXNmtVSWhBc2p1RjQ5UXxBQ3Jtc0tuVENiX2ZUSHhqbFNrTzR0MW1TMDFkS202OFBmMXkwd041VTFEQ1JLY2lRamhCOTdUMmhMb3NwTGx6NnhMZ3g3S3ViNzNUSFNCM05hbEhnaF9HU1ozZTBMZVZPOVRfd0pvQlUzRU1RMlJjWEpOUTNyTQ&q=https%3A%2F%2Feasyxgame.pro%2F&v=AaWuXPAAPkg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133395328414700649"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1224	1276	chrome.exe	20
PID 1276 wrote to memory of 1224	1276	chrome.exe	20
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 3188	1276	chrome.exe	84
PID 1276 wrote to memory of 1476	1276	chrome.exe	85
PID 1276 wrote to memory of 1476	1276	chrome.exe	85
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86
PID 1276 wrote to memory of 936	1276	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2FiaHl1WDVmOWpSa1lXNmtVSWhBc2p1RjQ5UXxBQ3Jtc0tuVENiX2ZUSHhqbFNrTzR0MW1TMDFkS202OFBmMXkwd041VTFEQ1JLY2lRamhCOTdUMmhMb3NwTGx6NnhMZ3g3S3ViNzNUSFNCM05hbEhnaF9HU1ozZTBMZVZPOVRfd0pvQlUzRU1RMlJjWEpOUTNyTQ&q=https%3A%2F%2Feasyxgame.pro%2F&v=AaWuXPAAPkg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffd8edd9758,0x7ffd8edd9768,0x7ffd8edd9778
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5148 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3132 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5364 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3208 --field-trial-handle=1896,i,11945315683257625265,6228089540135336121,131072 /prefetch:1
  2⤵
  PID:4304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dc812fab8e09ad6c3da0843f83096bd8

SHA1
e77dcde44c369d7b6835061fa725adb9f827c0b1

SHA256
89ce200d2337933d0d3151da3c0277628f55efaf571e852a1249dd667ccdcd88

SHA512
09dba4dd23040fc17ceba970add5ee4312b22ab9d73d0bf267843022d3ad1da78bfce33dd14853262cfe3ecbff27959a55c7c97ed009d28ac2eebda03e2d3dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3a862b67fae08e9c8f556e2c5df21a53

SHA1
c66e2c666ad2462c685430b9308966e467297c94

SHA256
efc9e14b644611471204298b5ffb817ea300a0c7edc626ac105f426f04521ca9

SHA512
a27db491fa1438d9bad6d47f99d8792bb68e3b113d4351a50dab9cb742f2f5cbac6106e054b88fbcb8a6770f701b12c596adf974c6d472fde16c64a1f2e981a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
21affb48c7eb1622bec1fab9eccb347b

SHA1
71312bee444447f8805d3f270051297d83a7c7cf

SHA256
07517116498fcc2b73e457bf7e044554cccd134ff0399a07034acd8e332c9a1e

SHA512
23fc81eeb942f46b3d6112eb938b55ad3e86e00f0d8e50129178318d894b56e72df95acb0bae52e23a0faadbaf180f4d9beb917853f2cd564e8f31cf848de4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
088b00e74878775b7ca4fa79c773f43e

SHA1
3251bbe979edaaf9f1f2b4890553ed6b37ff2125

SHA256
cdd948dd241a35d4ea7b0dfce3ad5028821a47066c4ff8fa8d7e0c5154519686

SHA512
af8d499db0c70b10388ebab0ebc9d12c7902b4f2bc65fbe0124b9d3de008558d15b0212fc31ac131f0ee7feba0744bfb5e63b68d1110df1669a75b6fb077e92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit