Analysis

Max time kernel: 150s
Max time network: 142s
Platform: windows10-2004_x64
Resource: win10v2004-20230915-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 19-09-2023 16:53

Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1

Sample: https://t.sidekickopen01.com/Cto/I1+23284/c3ly-04/R5R8b43j5W1c1kQG19zt3mW1Vqq5Z1Q6fcSW1V2Xvj3BQrc0W20ZYy33BM1xwW1QrGcT1TJh7FW1V0MQZ1V2lXPv25tnj1_m1
Resource: win10v2004-20230915-en

General

Target: https://t.sidekickopen01.com/Cto/I1+23284/c3ly-04/R5R8b43j5W1c1kQG19zt3mW1Vqq5Z1Q6fcSW1V2Xvj3BQrc0W20ZYy33BM1xwW1QrGcT1TJh7FW1V0MQZ1V2lXPv25tnj1_m1
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396159989023367" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 2660 chrome.exe (2 entries)
- PID 4596 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 2660 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 2660 chrome.exe (32 entries, alternating with the next)
- Token: SeCreatePagefilePrivilege, PID 2660 chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 2660 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 2660 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Each row below is repeated in the report; 64 entries in total.
- PID 2660 wrote to memory of 1252, process chrome.exe, procid_target 61
- PID 2660 wrote to memory of 4248, process chrome.exe, procid_target 87
- PID 2660 wrote to memory of 4476, process chrome.exe, procid_target 91
- PID 2660 wrote to memory of 4732, process chrome.exe, procid_target 88
Processes

chrome.exe (PID 2660)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.sidekickopen01.com/Cto/I1+23284/c3ly-04/R5R8b43j5W1c1kQG19zt3mW1Vqq5Z1Q6fcSW1V2Xvj3BQrc0W20ZYy33BM1xwW1QrGcT1TJh7FW1V0MQZ1V2lXPv25tnj1_m1
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes of PID 2660:

  chrome.exe (PID 1252)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffb86329758,0x7ffb86329768,0x7ffb86329778

  chrome.exe (PID 4248)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:2

  chrome.exe (PID 4732)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:8

  chrome.exe (PID 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:1

  chrome.exe (PID 3980)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:1

  chrome.exe (PID 4476)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:8

  chrome.exe (PID 1452)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:8

  chrome.exe (PID 4404)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:8

  chrome.exe (PID 4596)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 --field-trial-handle=1860,i,7777973158072490603,4185099912363301102,131072 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 4360)
Path: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads