hxxp://www[.]modlily[.]com/orange-patchwork-striped-long-sleeve-cowl-neck-sweatshirt-g337781[.]html

Analysis

max time kernel
19s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 19:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.modlily.com/orange-patchwork-striped-long-sleeve-cowl-neck-sweatshirt-g337781.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4060	chrome.exe
4060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: 33	4716	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4716	AUDIODG.EXE
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe
Token: SeShutdownPrivilege	4060	chrome.exe
Token: SeCreatePagefilePrivilege	4060	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe
4060	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3460	4060	chrome.exe	31
PID 4060 wrote to memory of 3460	4060	chrome.exe	31
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 3872	4060	chrome.exe	88
PID 4060 wrote to memory of 468	4060	chrome.exe	89
PID 4060 wrote to memory of 468	4060	chrome.exe	89
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90
PID 4060 wrote to memory of 1568	4060	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.modlily.com/orange-patchwork-striped-long-sleeve-cowl-neck-sweatshirt-g337781.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd48409758,0x7ffd48409768,0x7ffd48409778
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:2
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4668 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3432 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3452 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5364 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5536 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5848 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6056 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6476 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6480 --field-trial-handle=1844,i,6503905793411766007,15017608516574206529,131072 /prefetch:1
  2⤵
  PID:4596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
62286a3b552d06c2d1410a5cf62ee83f

SHA1
ec33db3b7056e39eff1ae6d3c12bd984dac150d4

SHA256
e6316ed4908e91fc121f90ba4695f579dbfc3346d191dfa5229a4f61deacba50

SHA512
3fc57607364417950938aa3d82f676c7ae18b42578ef7b56f0e6c9ae160c348a920792675cd47e1f325e04cdf772882460c4f2edffd3514ec7c4b729dff84049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
938f36d0ca467ca638ba6906b638e081

SHA1
22db0dacdbcd231335df00b53c604c98b2361c74

SHA256
16525c0770cb0fa430df9795a7def43af487e69dcd4600ec72eaa3f50c52b936

SHA512
0621689fc2ee2c17f049a441e2960d2dd9b0ae2b33e44da0e708e155597723431d0edf7c8fbd01944f2624451f43ddedaf768e0d97907696d6d471853803cb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
1da6ba0e385635a581e4925324dced7c

SHA1
51fbc847907e8245cde453a2564ea438880d28d7

SHA256
3d966d9998136b8beb2de5130354d7869d936d5ec4106ed6f6a2d30561612164

SHA512
c73e28d4e1340751490863cc362ca9c491b95de85dcaad9dc05991b79bebb29d1f8172fabade76e0f1f6f1c211006bc9ca548350d5eb16a5dc6b15f3c311a6b0

Download Submit