hxxps://sephione[.]web[.]app/

Resubmissions

03/10/2023, 22:07

231003-11qytshf78 7

03/10/2023, 21:55

231003-1tam9sfg5z 7

Analysis

max time kernel
1800s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sephione.web.app/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408444739888463"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe
Token: SeShutdownPrivilege	2296	chrome.exe
Token: SeCreatePagefilePrivilege	2296	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe
2296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3988	2296	chrome.exe	68
PID 2296 wrote to memory of 3988	2296	chrome.exe	68
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 432	2296	chrome.exe	87
PID 2296 wrote to memory of 3540	2296	chrome.exe	88
PID 2296 wrote to memory of 3540	2296	chrome.exe	88
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89
PID 2296 wrote to memory of 3904	2296	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sephione.web.app/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe10a49758,0x7ffe10a49768,0x7ffe10a49778
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:2
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 --field-trial-handle=1860,i,813871773532663847,7866672401220724234,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb486da7efb4bc85f0f5823760e79b1f

SHA1
b838efdb7e7ccf6ee3b2074b0f4ce8fbddd88cc2

SHA256
f9018b4e7d2053f3ca3055540a3cfb2a22651c64c5a32180732073707a3d7e3f

SHA512
8e3211bafb8f8fe62132e4cb1b2acb7cbc54916270545acf53b0fa98bfabce552cdf493cd42cf248679cac84a2fd75e71aa91ef358a133e30e2dc1d80b34a980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
178a650206eac3a6a9f00fd67701e7ee

SHA1
20bf8bd4c753f4c6275e97dd6594d7c4964ada6a

SHA256
2be62a2f55a2f3db059b396997db6edc707952cd7d37d62747fd7ab239664805

SHA512
e3478db27cb7ae95a909055852e860ee68b5e6351f5f1c2a3f439c342ac8564390324ff21bf235ba366026c255d40946af182aa4e8923edb8e46de59200b182e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
107b3e62d958c81caed5d360828b63c9

SHA1
63093cbd9cc8cb80cfdd8314b5cbf3615a7892af

SHA256
02384c507ef14311ed7e07d8e1c6670d8e949368a83096287c82a9926c6b8dff

SHA512
9375babf34c1854b5011f6e3a27ccb02b0b51659f3af2b84acb890ef54bac0e2a7b13dcebfe809296b8e8f48f6b3d23e9a4af4ba8540a7db11faa0372faa06cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2407d1e53904e682a434c9c75bfa81a2

SHA1
298edc0024fb8bc22c5554ef617a7d9ab9f3e531

SHA256
94756a0436c37a7404031d2168c2c7e4b1fbe26310ec76da64f6ff5fd9148ad7

SHA512
56b4c58ae496c4638aac671823de9ec9d75c30c3f7e08120800fddcfe20d1a069e7fc2b042a0b5b0acf6d2e4d8dbe21c5424a9dd9ac62fc49be73c588e5fb294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit