Analysis

max time kernel: 300s
max time network: 295s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/09/2023, 20:06
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://jetstar-pacific.com
Resource: win10v2004-20230915-en

General

Target: http://jetstar-pacific.com
Malware Config
Signatures

Every IoC below is raised by chrome.exe: the browser process (PID 956) and one of its GPU processes (PID 772). Each WriteProcessMemory target is a chrome.exe helper process that the browser process itself launched with a --type= switch (see the process tree). Nothing in this report attributes these behaviours to content served by the target URL; they are the browser starting up and spawning its helpers.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396276002624693"  chrome.exe
  (S-1-5-19 is the well-known SID of LOCAL SERVICE.)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid 956 chrome.exe (4 entries), pid 772 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 956 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, strictly alternating, 32 entries each, all pid 956 chrome.exe. The report lists at most 64 entries per signature, so this list is capped.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 956 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 956 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  All writes are by pid 956 chrome.exe into its own child processes; the report emits one entry per write, and procid_target is the report's internal id of the target process, not an OS PID:
    PID 956 wrote to memory of 3280  (procid_target 81, 2 entries)
    PID 956 wrote to memory of 208   (procid_target 84, repeated)
    PID 956 wrote to memory of 2844  (procid_target 85, 2 entries)
    PID 956 wrote to memory of 3560  (procid_target 86, repeated)
  The list is capped at 64 entries, so the later children in the process tree (PIDs 4432, 3976, 1264, 3840, 4180, 1992, 4728, 772) do not appear here.
Processes

PID 956  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jetstar-pacific.com
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 956 (all chrome.exe helper processes, identified by their --type= switch):

  PID 3280  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc22d09758,0x7ffc22d09768,0x7ffc22d09778

  PID 208   "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:2

  PID 2844  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 3560  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 4432  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:1

  PID 3976  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:1

  PID 1264  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 3840  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 4180  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 1992  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 4728  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8

  PID 772   "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3880 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    (second GPU process, started with the GPU sandbox disabled and GL disabled)

PID 3912  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  (Chrome's own elevation service binary, in the versioned Chrome directory; no signatures)
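The WriteProcessMemory signature above is only meaningful once the per-write entries are collapsed into parent/child edges and each target is checked against the process tree. The script below does that for this report. It is an added example, not part of the Triage report and not Chrome's or Triage's code: it parses "wrote to memory of" lines into (writer, target) edges with write counts, then judges every process the browser wrote into by two rules, that the child carries a --type= helper switch and that its image lives in the same directory as the browser process, and additionally notes helpers launched with --service-sandbox-type=none. The sample IoC lines and command lines are transcribed (and shortened) from the report; the extra target PID 4444 with a chrome.exe under Temp is invented to show a failing check, and the helper-type list and verdict strings are this example's own assumptions.

```python
"""Triage of a Chrome sandbox process tree (added example, not report tooling)."""
import ntpath
import re
from collections import Counter

# Constructed sample: a subset of the report's WriteProcessMemory IoC lines,
# plus one invented entry (target PID 4444) to exercise the checks below.
WPM_IOCS = """\
PID 956 wrote to memory of 3280 956 chrome.exe 81
PID 956 wrote to memory of 3280 956 chrome.exe 81
PID 956 wrote to memory of 208 956 chrome.exe 84
PID 956 wrote to memory of 208 956 chrome.exe 84
PID 956 wrote to memory of 208 956 chrome.exe 84
PID 956 wrote to memory of 2844 956 chrome.exe 85
PID 956 wrote to memory of 3560 956 chrome.exe 86
PID 956 wrote to memory of 4444 956 chrome.exe 99
"""

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# Constructed sample: command lines transcribed (shortened) from the process
# tree, keyed by PID. PID 4444 is invented: same file name, wrong directory.
PROCESSES = {
    956: CHROME + " --disable-background-networking --single-argument http://jetstar-pacific.com",
    3280: CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report",
    208: CHROME + " --type=gpu-process --mojo-platform-channel-handle=1644",
    2844: CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none",
    3560: CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility",
    4444: r'"C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=renderer',
}

# Assumption: helper types a Chrome browser process is expected to spawn on Windows.
KNOWN_HELPER_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# One report line per write: "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\s+\d+\s+\S+\s+\d+$")


def parse_wpm(text):
    """Collapse one-line-per-write IoCs into {(writer_pid, target_pid): write_count}."""
    edges = Counter()
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            edges[(int(m.group(1)), int(m.group(2)))] += 1
    return edges


def image_path(cmdline):
    """Chrome quotes its own image path, so the first quoted token is the image."""
    m = re.match(r'^"([^"]+)"', cmdline)
    return m.group(1) if m else cmdline.split(" ", 1)[0]


def flag(cmdline, name):
    """Value of a --name=value switch, or None when the switch is absent."""
    m = re.search(r"--%s=([\w.-]+)" % re.escape(name), cmdline)
    return m.group(1) if m else None


def triage(processes, edges, browser_pid):
    """Return [(target_pid, helper_type, verdict)] for every process written into."""
    browser_dir = ntpath.dirname(image_path(processes[browser_pid])).lower()
    results = []
    for (writer, target), _count in sorted(edges.items()):
        if writer != browser_pid:
            results.append((target, None, "written by non-browser pid %d" % writer))
            continue
        cmd = processes.get(target)
        if cmd is None:
            results.append((target, None, "target not in process list"))
            continue
        helper = flag(cmd, "type")
        if helper not in KNOWN_HELPER_TYPES:
            verdict = "unknown --type=%s" % helper
        elif ntpath.dirname(image_path(cmd)).lower() != browser_dir:
            verdict = "image outside browser directory"
        elif flag(cmd, "service-sandbox-type") == "none":
            verdict = "expected helper (unsandboxed)"
        else:
            verdict = "expected helper"
        results.append((target, helper, verdict))
    return results


if __name__ == "__main__":
    edges = parse_wpm(WPM_IOCS)
    for pid, helper, verdict in triage(PROCESSES, edges, 956):
        print("%-5d %-16s %d write(s)  %s" % (pid, helper, edges[(956, pid)], verdict))
```

Run on the sample, every real child of PID 956 comes back as an expected helper (the NetworkService one flagged as unsandboxed, which is how the report shows it launched), and only the invented PID 4444 fails, because a renderer-looking chrome.exe under the user's Temp directory is not where the browser's own image lives. The directory check is the one that matters in practice: an attacker can copy the --type= switches, but a child spawned from a different path is not a Chrome helper.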
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 72B
MD5:    f02e47943762b6d8918c289301528ec6
SHA1:   52ea2378364d38cd0ebf41d4e8a36fb0da364136
SHA256: 66520862ae7f50fa6dcfa73b6af78d13bc11400b61564bfe7bfdf99a201ccd30
SHA512: cb294791f31fd1d8aacca6a1f8fce45174836a7cd5e9607d78840009072e017a593ee04e3fea2e8951fe932f3fb72ec4b8c9fd27fdbb107614864c93e2bb079c

Filesize: 5KB
MD5:    eb9d273482748604ba6c31a3bc0f10c8
SHA1:   55bfb9849e3e72da77b360d0857bca5a9976386f
SHA256: 227582855ef0d446d73207af8a6219e8f4ffec58bbea059fe48bfde658f010bc
SHA512: 2e862e7705563af877c9260d07d814dd8d34f3f39b56f1b40612947e64e57ebd63d0956e504bd0a65bdc581b49d59e7737a94cddc4e205908edb7438a890b8df

Filesize: 6KB
MD5:    b49964cae5cc0a0f5ac7ebe425b884c1
SHA1:   742a30a0bfd863d8d568c962eaf823f4c6f80188
SHA256: 277755dd0747fe63a91818e7bdb9f45c496bc5e4b5764c99e30b957ac6fc8b21
SHA512: dba5d41ffb462d36368e01a7f6260a1ecad7ca42f0ee8f0a6375e02a6bd9b69189713499c6165121b3bc4453e2dfbd95e8de8d1c076da54450419f7bce422a03

Filesize: 5KB
MD5:    34eeebbb243c457c7fa90ccbfdf19915
SHA1:   a3e1659fd2776bffffdde5d12b19cdfbed3278aa
SHA256: d74c16361270ce7ef023a3e9e8fdf67626c0ecf3b0975484ef8738c8d632040e
SHA512: 63e87432d4435437fe57b9d5a1874133fa4872f79428ce61cc85786e9a2f37a9b6a869a07af90d31626b72cdcc87500f12056408725a73ed52595e2350dba1cf

Filesize: 103KB
MD5:    0ee1a0dd94e1bc0f5bf57ca85c745137
SHA1:   93b65c0e0ba36708092a9adceb2376eb832ebf8e
SHA256: ec996e50d056bb917b9dde3aa3329f168917510cf0e7c4aba5b77143483c378f
SHA512: 3a38f3b8349508a1795f717dc074185783552ef1dcc293b9162b82ad3daaed91c9bcdd7d53082c8e04888098e996162491469663f54147c61761363e320c2f83

Filesize: 104KB
MD5:    8958cfdf31dd4aa29a57a248e00ed47e
SHA1:   b31d27444f126242fbe7937fd2228bc47d66b3bd
SHA256: dcaa0f7c8f319f3b4136889f224ecbd4832c2b0faea054b7c715c60f1100ac8b
SHA512: 0cda51ed0f94b9ca5f437d91493b2d2bc13789fd89ec647e7251f152cf5647b615f2475478b7cdb5778b3d1c5a41c8c68d067a907b804f6007ac5cbbf6866595

Filesize: 103KB
MD5:    5ae5691ee2222a69353f150b153b4481
SHA1:   629a17df5bb16e89f4dff0252d7858c2ce00cdf1
SHA256: ba3f6a8376afdd60ea517c852bb8ccfb0274f9abf4c14f2836929b999f6c739a
SHA512: 6f60236e44c9ff1badb72a086de0a8446bebd1fb7ec41b0f3188302954d04609f9f919729583eb081f7deda535bc1dd4956f18c0d977cf29ec79762ac63eb897

Filesize: 104KB
MD5:    0c6afdd212a992fdb6456d7d117d25d8
SHA1:   4c2e5082189c32ba3631da98e21c47db06827e9e
SHA256: 35662cd22a5b1d431440f3b272fc73b429d6a9632996a682fde72b334b8dfd0e
SHA512: 9fb50abe10727a2c18e5e9d01a94b45e8c347bb6f8531ade6befe10b81a1809b0b98bc726e79c73af06f508b6dee3dd59182dce95866101a9b2b1e179a6de990

Filesize: 128KB
MD5:    13e71f104952043b1c84bb2fc93d905f
SHA1:   c4648a9617eb713671c29a3a006fef4503de0725
SHA256: 144f4e8c363a50bef54729d454044f617ac40de163a73937c63fa7abcb50edc2
SHA512: 2fc7f0f303840759860f4bc21dce916fc17d5d77981c3e7006c6def80ac4643998fdb0f703ed1616aca18d9bda6d459efa9bd6ae36f6338c0ac7e0141c76dd22

Filesize: 97KB
MD5:    0396bbf29c8175104fc262a973b1a2ac
SHA1:   ba4fce2e5365b7dbd91fe15ae5725f7030abd0cf
SHA256: 5c08359729cc2cfbb869c4e2e4eb09349b07f8ed2f42eeadad43720ee6efe39d
SHA512: 224845e6ceffa2b6f8cd0bcc8ab9751d615ab4a7af70f42b43acd70b87e1e136718d329bc3475f8d58c486c26381ebca5ce252b5e2d08b29ac7facdc954a7446

Filesize: 95KB
MD5:    e8deb9b0f6011389d2efc9ac7b752dc5
SHA1:   292c2d4d229566a4acdf6551dfcb920084d756f6
SHA256: d54017ebe9064b81bcc37c6cdd0f94ce31e2f03314279dd7e3eb5212813d4a00
SHA512: f1ea824069f72b6e943ec8577d07e37662e03706a2b55c9dd35f5587e2e9640efbab634038f3b66d09a04d03b1b148360c28e5ec6179edc2cd4246c196812081

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
(the size and hashes are those of the two-byte string "{}", an empty JSON object)