Analysis
max time kernel: 299s
max time network: 275s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-09-2023 22:07

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://url7964.eastdilsecured.com/wf/open?upn=onXnJGlRddgwjq9DW5HkbQuIXH4b5SeHYdaGgkIUEtnLVgPSuG-2FnMwoag2z6ZVchFCpIfWYctSAkzVW-2BWqzbXHr7HwnS1OeXFzp6sGxsstr-2Byx-2FdHBieZVzWtsU8G-2FTKQXIeKazlRvQ-2B6u7gRbFGhjVeLJXTSbForDJEZMu2-2FwxooYr5lO29SEPIVV9cJUTuxI6sArM3Sh3UXoNU658jApuksMuyfprZ9IbE1OJQI10-3D
Resource: win10v2004-20230915-en

General
Target: http://url7964.eastdilsecured.com/wf/open?upn=onXnJGlRddgwjq9DW5HkbQuIXH4b5SeHYdaGgkIUEtnLVgPSuG-2FnMwoag2z6ZVchFCpIfWYctSAkzVW-2BWqzbXHr7HwnS1OeXFzp6sGxsstr-2Byx-2FdHBieZVzWtsU8G-2FTKQXIeKazlRvQ-2B6u7gRbFGhjVeLJXTSbForDJEZMu2-2FwxooYr5lO29SEPIVV9cJUTuxI6sArM3Sh3UXoNU658jApuksMuyfprZ9IbE1OJQI10-3D
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                  process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396348701776726"  chrome.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid   process     events
  4552  chrome.exe  3
  4468  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid   process     events
  4552  chrome.exe  4

Suspicious use of AdjustPrivilegeToken (64 IoCs; the report lists the two tokens strictly alternating)
  description                       pid   process     events
  Token: SeShutdownPrivilege        4552  chrome.exe  32
  Token: SeCreatePagefilePrivilege  4552  chrome.exe  32

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process     events
  4552  chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  4552  chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target  events
  PID 4552 wrote to memory of 3288  4552  chrome.exe  21             2
  PID 4552 wrote to memory of 1780  4552  chrome.exe  89             see note
  PID 4552 wrote to memory of 2428  4552  chrome.exe  90             2
  PID 4552 wrote to memory of 936   4552  chrome.exe  91             see note
  Note: the remaining 60 events are split between the writes into 1780 and 936; every one of the 64 rows has 4552 chrome.exe as the writer.
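The signature tables above flag generic process-tree activity: WriteProcessMemory into PIDs 3288, 1780, 2428 and 936, a non-Microsoft binary started through NtCreateUserProcess, and repeated SeShutdownPrivilege/SeCreatePagefilePrivilege toggles. For a Chromium browser this is what launching its crashpad, GPU, network, storage and renderer helpers looks like: the browser process creates each child and writes start-up data into it before the child runs. The check a triager actually wants is whether every write target is a chrome.exe helper spawned by the writer itself. The Python below is an added example, not part of the sandbox report. It embeds one row per target from the WriteProcessMemory table and the process tree from the Processes section (command lines shortened to the switches that matter, the target URL elided), infers parent/child relationships from the tree depth the report shows, and flags any write that is not browser-to-own-helper. The row for PID 9999 is constructed and does not appear in the report; it is there to show what a finding worth a memory dump would look like.

```python
import re

# Rows copied from the report's "Suspicious use of WriteProcessMemory" table
# (description, pid, process, procid_target). The report repeats each of these
# many times (64 rows in all); one row per target is enough for the check.
REPORT_WPM_ROWS = [
    "PID 4552 wrote to memory of 3288 4552 chrome.exe 21",
    "PID 4552 wrote to memory of 1780 4552 chrome.exe 89",
    "PID 4552 wrote to memory of 2428 4552 chrome.exe 90",
    "PID 4552 wrote to memory of 936 4552 chrome.exe 91",
]

# Constructed row, NOT from the report: a write into a PID the tree never shows.
CONSTRUCTED_BAD_ROW = "PID 4552 wrote to memory of 9999 4552 chrome.exe 99"

# Process tree copied from the report as (tree depth, pid, command line); the
# command lines are shortened to the switches this check looks at.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
REPORT_PROCESSES = [
    (1, 4552, CHROME + " --disable-background-networking --disable-component-update --single-argument http://url7964.eastdilsecured.com/wf/open?upn=..."),
    (2, 3288, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (2, 1780, CHROME + " --type=gpu-process /prefetch:2"),
    (2, 2428, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 936,  CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2, 1324, CHROME + " --type=renderer --renderer-client-id=5"),
    (2, 4468, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1, 4796, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def build_tree(processes):
    """Map pid -> (parent pid or None, command line).

    The report renders the tree as a depth-ordered list, so a process at depth d
    is a child of the most recent process at depth d-1."""
    tree = {}
    ancestors = []  # stack of (depth, pid)
    for depth, pid, cmd in processes:
        while ancestors and ancestors[-1][0] >= depth:
            ancestors.pop()
        parent = ancestors[-1][1] if ancestors else None
        tree[pid] = (parent, cmd)
        ancestors.append((depth, pid))
    return tree


def parse_wpm_row(row):
    """Return (writer pid, target pid) from one flattened table row."""
    m = WPM_RE.fullmatch(row.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
    writer, target, _pid, _image, _procid_target = m.groups()
    return int(writer), int(target)


def triage_wpm(rows, processes):
    """Return {target pid: verdict}.

    'expected' means the writer is the browser process writing into a chrome.exe
    helper (--type=...) that it spawned itself, which is how Chromium passes
    start-up data to its sandboxed children. Anything else is 'investigate'."""
    tree = build_tree(processes)
    verdicts = {}
    for row in rows:
        writer, target = parse_wpm_row(row)
        if target not in tree:
            verdicts[target] = "investigate: target not in process tree"
            continue
        parent, cmd = tree[target]
        if parent != writer:
            verdicts[target] = f"investigate: target's parent is {parent}, not the writer {writer}"
        elif "chrome.exe" not in cmd.lower() or "--type=" not in cmd:
            verdicts[target] = "investigate: target is not a Chrome helper process"
        else:
            kind = re.search(r"--type=(\S+)", cmd).group(1)
            verdicts[target] = f"expected: browser {writer} -> its own {kind} child"
    return verdicts


if __name__ == "__main__":
    for target, verdict in triage_wpm(REPORT_WPM_ROWS + [CONSTRUCTED_BAD_ROW], REPORT_PROCESSES).items():
        print(f"{target:>5}  {verdict}")
```

All four real targets resolve to depth-2 helpers of 4552 (crashpad-handler, gpu-process, and the two utility services), so the 64 rows carry no more signal than "Chrome started". The cases that do merit a closer look are a write into a PID the tree does not show, into a process whose parent is someone else, or into an image that is not a chrome.exe helper.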
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4552, depth 1]
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://url7964.eastdilsecured.com/wf/open?upn=onXnJGlRddgwjq9DW5HkbQuIXH4b5SeHYdaGgkIUEtnLVgPSuG-2FnMwoag2z6ZVchFCpIfWYctSAkzVW-2BWqzbXHr7HwnS1OeXFzp6sGxsstr-2Byx-2FdHBieZVzWtsU8G-2FTKQXIeKazlRvQ-2B6u7gRbFGhjVeLJXTSbForDJEZMu2-2FwxooYr5lO29SEPIVV9cJUTuxI6sArM3Sh3UXoNU658jApuksMuyfprZ9IbE1OJQI10-3D
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3288, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9caee9758,0x7ff9caee9768,0x7ff9caee9778

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1780, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 2428, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 936, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1324, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 1252, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4836, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3036, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 3352, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3700 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 5020, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4828, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5140 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  [PID 4468, depth 2]
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4440 --field-trial-handle=1876,i,15743893145553325056,12650808377201996113,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  [PID 4796, depth 1]
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1, 1KB
  MD5:    d09b667bc6922966f1f0e9106cd324f6
  SHA1:   7e8ec5fd41f61cbb590a941852d8a4f50696d96b
  SHA256: b108122310d492e0864be8c5f4adaf6dc964e51c253543c014f75c2e6d40c553
  SHA512: 3f878847cb3aa59a7218278659753e18b50f102c59018f7e942f79297fc0786b93135d280754a49ff7bbecd8c22962cf21ae59d91644f232ec73cea0d2909610

File 2, 6KB
  MD5:    f14f3af5ffdc9bdc6afe098702794dfc
  SHA1:   63c05e8e61e76060625978d183d4ed31a1f7554c
  SHA256: 2316847eb62d4891e8784ee5bca885a1130b849044a61191c9a6cb2c1f1a9f3a
  SHA512: 822ad406bc40b64d5ab3550a2d58ad1b953d86f38e22fd015f6fa9becb9a8ba61222180842f1ffcb3dc75cb490bd4ced067f3232e402596af24be6613a9662e8

File 3, 6KB
  MD5:    606cefd9d72ad40bdb47bda0cb9fd693
  SHA1:   2ce6fde4aed755d95187e059a17fd3e7a485c3f5
  SHA256: a46389d0317e1024d62050c681d6eb773d75c129086dbc857fd6b2b174e80990
  SHA512: 5c74c4e15d33ddf16143f1400938a6f7165dc25a7eecb08f8b04d81e645ff958fe10d17227ffba8a416fea2a34b2dd64b5abd9cf327234b5790d7120e584b4ce

File 4, 102KB
  MD5:    dde4f9626c98cfcc9495d671f9105f36
  SHA1:   7d20674e45950ff06485779fbee3938d60875098
  SHA256: 8f6fdff9740e217207bdfb7af939bcfbe24123a76e0924787935e7a4a934f27d
  SHA512: d9773db57aad67819ee5a8a8408986b341ae5f8368b0078977f8a9f60e0e16d5ddbafeb595abb44c89bec3ac9a11de9315d6e019243e73349306cbf16ac095f2

File 5, 98KB
  MD5:    6de253ccdd45c28c12d06a07564da9d1
  SHA1:   70dbf12c82ecfefdd4483f754fcdfce7df0a1a7c
  SHA256: b2adbb215f62fa1bc6f1c2bd0d53d7c7401dc28e98f9fed986790327ea79c09f
  SHA512: 28b97c93e1e7f98b348ca48fb00f72ad412ef7fada1abfbc6694d762436e69c981cd323e1f10529ab82d3192f66bfe37d9a767dcfd8a4bba365fb8b468689d62

File 6, 97KB
  MD5:    169df8e5adb9ddecc88b362d908dea48
  SHA1:   a8b7fdedaf4a1e7cf2de7e8b897868807c3efede
  SHA256: 9ba958d97ec05e24106c8dee013e7ebbc37e03448b9e6d3a9196bade0802dd6f
  SHA512: d38bf7bc80af353878c27ba1cc0fc80fb8802061e2805c82c1592d8001425ce1e593e62c8ef858e0652629b3edc72b3635c502b7046e787c6f977d5db6ca4ec0

File 7, 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
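The digests are the only handle this report gives on the dropped files, and a file as small as the 2-byte entry above can be identified from them without fetching it. The Python below is an added example, not part of the sandbox report. It embeds that entry's size and four digests as reported, hashes a short constructed list of contents that two-byte files written by a browser commonly have, and returns the candidate whose size and every reported digest agree. Checking all four algorithms rather than MD5 alone means a transcription error in any one reported hash shows up as "no match" instead of a wrong identification.

```python
import hashlib

# Size and digests copied from the report's "Downloads" entry for the 2-byte file.
REPORTED_2B = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Constructed candidate contents (not from the report): what tiny files left
# behind by a browser profile usually contain.
CANDIDATES = {
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "CRLF": b"\r\n",
    "two NUL bytes": b"\x00\x00",
    "string OK": b"OK",
}


def digests(data):
    """Compute the same four digests the report lists, for arbitrary bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def identify(reported, candidates):
    """Return the label of the candidate matching the reported size and all four digests.

    Returns None when no candidate fits. Size is checked first so the hashing work
    is only done for candidates that could possibly match."""
    for label, data in candidates.items():
        if len(data) != reported["size"]:
            continue
        computed = digests(data)
        if all(computed[alg] == reported[alg].lower() for alg in ALGORITHMS):
            return label
    return None


if __name__ == "__main__":
    print(identify(REPORTED_2B, CANDIDATES) or "no candidate matched")
```

For this report the 2-byte file is the empty JSON object "{}", the kind of placeholder a browser profile writes for a not-yet-populated store, so there is nothing to pull from the sandbox for it. The same lookup against a larger candidate set (known-good installer fragments, prefetch stubs, empty config files) is how an analyst clears the low-value rows of a dropped-file list before spending time on the rest.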