hxxps://www[.]user-account[.]net/c0752a28b2da914a?l=8

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2023, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.user-account.net/c0752a28b2da914a?l=8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133405827297367358"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 4276	1592	chrome.exe	85
PID 1592 wrote to memory of 4276	1592	chrome.exe	85
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1604	1592	chrome.exe	87
PID 1592 wrote to memory of 1324	1592	chrome.exe	88
PID 1592 wrote to memory of 1324	1592	chrome.exe	88
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91
PID 1592 wrote to memory of 1388	1592	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.user-account.net/c0752a28b2da914a?l=8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88c119758,0x7ff88c119768,0x7ff88c119778
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:2
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 --field-trial-handle=1860,i,16112066481328760057,16988066052098811411,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
588a137d18c8a72012949a530d2d5671

SHA1
3737204f6b7aba01ef41f6e96345bdf9a130135e

SHA256
be773ab4715c0ba9e553abbb3bcfacb92b792a6d54a0ee1aa3a0d4c87a32edab

SHA512
ecf9ae7b8344b0f75e30aa60e03ef8b555c08293c813a5175bf0480ea62fcf07220d9a819ee76a8910f15a8d47d00809e625b7df183743d2bb11a6f0bced0957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
abd5cd430131be9ba3a1d6d67e33a179

SHA1
6e5d30539d71f1ce65ba8ffe45f2b54bd593ec91

SHA256
4fe7feb7926fd5ee3c05abded44aa20918748b0bcc595adc75b9afef2a8b5147

SHA512
03da893863e313a1865d55531ef684dc2b54e23c5010f9e231135a81adb4be4f7c5c8394ff83b31be2849643598a0e4e8625a53137f7d045691e64b271e05f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1159697a908dc8c40169e38c7f962e75

SHA1
f338c87f66e16dc051db47758897ac6ee637175d

SHA256
fc5f6ef9cb5841b687ac2189dc397bbba9508336626b2a833c81110269823a14

SHA512
2dabfb90e18c555eb30bea9812dfae929496e240f2829a03e268c9163b2c8f113dcb0584fcd18c56bbf450c1d2dc1e1206318de27861e9fdb27770c8dad13192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d6b9f45fa0ebf0ce65d5aa089cd3a360

SHA1
7b13b7fa29f36a6392c7334339fbfb4e608a55e8

SHA256
cee91ace40504e40d997cd3eb3ea685ddf760081493c65b5ca4b0b91048e738b

SHA512
207b406ee4c18656b10a94c66c78d24886c16d1def5f2aa386dccb5b066fca57c47fa3f5c9483454df381957fc5c56c28c2c1169fdd3d40f84a74ee8edac4262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e4de2388d05d1b9a8ab1acd3ad362fa1

SHA1
e9cf597641bbe17a1d6fb555b9273046a4e11521

SHA256
475bad559894e82f993151e9ca7ea217807d2c904d61eab77ea361f64cd59c73

SHA512
94864a729c074ca42a71ecc284fcbefb78fd2a7bc8f7150007792a65d2ae9548df0daf76baa6bd53908558589e7af483b420f06a8f0193a615c985bfede2b22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ca5100c7c87509c8befc9b4398dff250

SHA1
695e0b3e5cf76f9ad22403a9cd55ee6766b1eacc

SHA256
62b46d5cbf392851a55b5754585e16e17be8b2d0a189ae6aa02068ef7996a1bc

SHA512
09968ee57c5f81248a90e015af049ea23060fed37d16bee9108e367838cbc8f2cc715ec6c29f0ee2624f70508f2bede679ffd1963cd0cdf8ad6535987c77c58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6f2f2eb7244324633d93eedf471e620

SHA1
9192aad2bb158a87c4464fcb41aaa26b0edf79d2

SHA256
312491dcab2797ae0850a735ea1d490f00d71324e61234a42801801bd6d85941

SHA512
ab579bb7909a827210f92349294f769a52903937d66637a3ff832e3a4619d1e6927649dd40534f8439582aa3acfb140852523a91577cffa7d768d4b37400cac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
ba85a80a000ff32978752531de6504d3

SHA1
fd1861005b660903f702443d0b2d965f4a0e1fda

SHA256
d2df00d1fa8467517d80ab4e5a5196db95293080187ddb8c5852c905bb6a7c55

SHA512
3be87632013e2cc5071c0b5976680009d68b65cc46f10e16a67ac8a20e9921de94677bc23fc6c58086e2cea097ed467e01b5277635ce6d59d302f0b097675b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit