hxxps://aniwave[.]to/

Analysis

max time kernel
37s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aniwave.to/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133398557596945781"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 884	5088	chrome.exe	46
PID 5088 wrote to memory of 884	5088	chrome.exe	46
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 1268	5088	chrome.exe	88
PID 5088 wrote to memory of 2952	5088	chrome.exe	89
PID 5088 wrote to memory of 2952	5088	chrome.exe	89
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90
PID 5088 wrote to memory of 2760	5088	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aniwave.to/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9ca899758,0x7ff9ca899768,0x7ff9ca899778
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1704,i,2587461676982026118,12275074375042215069,131072 /prefetch:8
  2⤵
  PID:2252

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f0769997247bd74a9abc87f07fe1fee3

SHA1
d4384172302638ce59ed4f9592cf32807a6eb363

SHA256
249078d496b4bc5e2a45567f000134b34bdd167e4aaf425d0b4bf2191ec54d96

SHA512
0b68ee06061962e4aa2bed2f91b3ac09fd7df3a18196b6e15040700ef9936f1a4c63ddea2fb52e98c22da99085375026a93fa9163485eb4cc818408bd31e728d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d82082d5612aff43851ac4433eb85e7f

SHA1
a1ff50bd8b72cdb39e340d191f2b0433f406f729

SHA256
3ceb0fb4650493e2dcd7208e32eb9d2d679ea321092342604bea1c6082a25338

SHA512
df007e3a13c1b43b96bc2f664358cefc42e1bc95bd9b56677bc300e279b6530085dacea4dfa2e3c8c7ca4c1b9a87837136680d2d02d46f3bdd42cadfac7620c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39ac1be43dbbfef7507c3276be34b3e4

SHA1
0f1330f3016bedcacb10d5f89e45e4aa1f1a9b4f

SHA256
fcbea4201472f9600f86b366c463eaf724ec3cd327e03debd7c9756d79aee768

SHA512
97156fcdc9a39b393b564ea0eb4034965fd76021bfe823ec29acf705c2d7704c6fbf4d9fa5ddfd83b54fe1baf01c0b3e76e3cce4e6a5b1ce6e481ae7ba1e09a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\680cfcb87b62d0a977446671078501df7a3ec6e8\index.txt

Filesize
96B

MD5
2eb0176122586f355335ecd57661ab3e

SHA1
cb7d6ee1273a42b096c3a458abf44c8be33dbb3a

SHA256
7859be3f8d5d29177f54e428947f82241c984d13cd928e8f9e60150ff76c80f8

SHA512
73acecb3117ec36df6564668de8eb8c82245b712438f9507c13c85b7665c924fec86052aae5b49e09582d167fb51475458ff5764c9549f2e05d52cbf99573338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\680cfcb87b62d0a977446671078501df7a3ec6e8\index.txt~RFe57d254.TMP

Filesize
103B

MD5
d0422d588bde06ccd0665f0e612827e7

SHA1
a8a5bb1ca33adbb3e947aa2751f3452b27464fa5

SHA256
1f85b557f944aca3a3a11c33f77cf821a8afc8e5902b321fbd7679ff7459f34e

SHA512
2f7a90b08d501771cd0851e98498cb5b1a9fb25a88709e16b23965a7e003a2fc5a4a218c7ac89abbf1240cef970483c364e7778f44808b38bd53c2f66d20ec86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a17f43e964de0016395f52fd9a1218fc

SHA1
3451076a76913c9a3aa3100a1b453067a1be2062

SHA256
cbdcedc200fa3c0f26f3261cfa531dc1237594be5cc637dac46570416429791b

SHA512
04a3569dc1bd697ebe3ee638aabbf260261259806360659b71b8485e63a16e148ccfe33f99daa4b17fd84cad31dc740075d7f08a580c7a7ec38caa4c9012584d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d205.TMP

Filesize
48B

MD5
768db254cf88a9a2bb4fba8754875de8

SHA1
2377333c24d906bc32662cf7a30ed6068705b577

SHA256
ad8a5672509afbbec3646fb6c879f5c7b39b729648b84761e4febe1587268f80

SHA512
c43145864afc45c573378396c7cbd945c76eebd6ee520a15ab5d597f72ed5e904b3edc6c8ce176df647fce97f8fbbbd2eb85a9326597fd14e38eb3670e6d8759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f82981dbc7e18954e707a7085d646906

SHA1
b7b889124267cf824b9cb300d07e66f6d6bf8aef

SHA256
a521eb1708c3cca3da85715ff40fab1d240def6a12693a08d8bb5fed1a791058

SHA512
d47124a642e982fe27bab54c93be351bb304b28363b7631ecfaee7df4180ac9af878c729b5a42a0ff2f57776d0fd717e255d53a201c8991c8cd3df9e85351d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit