Analysis

max time kernel: 149s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2023, 02:42
Static task: static1
URLScan task: urlscan1

Behavioral task: behavioral1
  Sample: https://aauumygov.tech/fliings/MyGov/
  Resource: win10v2004-20230915-en

Behavioral task: behavioral2
  Sample: https://aauumygov.tech/fliings/MyGov/
  Resource: macos-20230831-en
General

Target: https://aauumygov.tech/fliings/MyGov/
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133400833972591940" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)

pid | Process
1124 | chrome.exe
1124 | chrome.exe
3696 | chrome.exe
3696 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

pid | Process
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)

description | pid | Process
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Token: SeShutdownPrivilege | 1124 | chrome.exe
Token: SeCreatePagefilePrivilege | 1124 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)

pid | Process
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
1124 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 1124 wrote to memory of 4000 | 1124 | chrome.exe | 55
PID 1124 wrote to memory of 4000 | 1124 | chrome.exe | 55
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 4456 | 1124 | chrome.exe | 90
PID 1124 wrote to memory of 220 | 1124 | chrome.exe | 91
PID 1124 wrote to memory of 220 | 1124 | chrome.exe | 91
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
PID 1124 wrote to memory of 32 | 1124 | chrome.exe | 92
Processes (child processes are indented under their parent)

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aauumygov.tech/fliings/MyGov/
  PID: 1124
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffddca9758,0x7fffddca9768,0x7fffddca9778
      PID: 4000

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2
      PID: 4456

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
      PID: 220

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
      PID: 32

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 1556

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 4900

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 2496

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1636 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 2996

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5036 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 1852

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
      PID: 1876

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
      PID: 4588

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4964 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
      PID: 4480

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2
      PID: 3696
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3020
Network
MITRE ATT&CK Enterprise v15
Downloads