hxxp://t-moblle-account[.]com/

Analysis

max time kernel
51s
max time network
53s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
04/10/2023, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://t-moblle-account.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409085435435548"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2496	2708	chrome.exe	70
PID 2708 wrote to memory of 2496	2708	chrome.exe	70
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4492	2708	chrome.exe	72
PID 2708 wrote to memory of 4376	2708	chrome.exe	74
PID 2708 wrote to memory of 4376	2708	chrome.exe	74
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73
PID 2708 wrote to memory of 4740	2708	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://t-moblle-account.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffc0a59758,0x7fffc0a59768,0x7fffc0a59778
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2692 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2676 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3712 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1756,i,8009870701884586430,16979283287675214683,131072 /prefetch:8
  2⤵
  PID:4592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8dec1085534398a5d7ddbee6df137abf

SHA1
8801906354afbcf06a501ed13683e79e95401785

SHA256
2d49f6cebd57108235e0d5ac2945e65bf175fe7e3d557ac566a5292c69af49b8

SHA512
2f83aa314b9a474f724a5439b83713483be4767b05d40898adf85587210c718b711cd75dc35fcd18416de62a9011b70acaf1617d8b7b3c77e0a0cdcbe5d441fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9eec66a34f6cc0a96c14f71f8cd7bb3

SHA1
73f71b3701a5f4deb024e107c8ba2d57e805c3ad

SHA256
153a709a48632635d59c208d9a5fb73866603b526bb863fc70f87098b40ea530

SHA512
9bc002ab28270b23f145b99684191e5aab9abf208b401dc9c16fcdf2522ebc3408b729a1b81385a316e5f98755ec810432e01986325e6aa8fc37ec0ea59e4070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1954e949398b833f0479a2fb9281aa3f

SHA1
2f0eca0d61c954115c072185fdde9da18bc69666

SHA256
80341e2e6c8995b825028416050bfa45c56df445448c0f87115bbb7eed26d691

SHA512
c633a886015422282e765ef37880512c28505d22306b5b86fe844047a504655b315af5dfbffececceede736ba35a31a97d8b42ec15cc0a90e63521022cd37bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
18725cbec9ff53440d3a0c3dbffad76c

SHA1
e556181d288f3acda4071f036c8318e84b8cdab5

SHA256
1cece4acad02dc84e22e7952b1f54f3e861afde2b95cf410e06b8b97eb2e73e9

SHA512
55b1cfb265d97623cd91bbe877a872d18a8e17e1e5424b8e74e9927e1e779e82bdce359e0c5b9160e3283002660c9fed97794282ff823e5440a04b84f48529b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
3c94444a9033ff45431db25ccc927809

SHA1
7ec8fc2f5d08c442a3b882aa6ad4449c5fa6b4ca

SHA256
6ac07764b1b3fbf04b072bd65c3e54d32661a5b287cd52876e5acf16e8536a5c

SHA512
213a73eb9bfaddd5b256c1f0c603e03d484f17082a4e8de3c0aaed40a59929564ba69d1580d72aa5e38de1306d93ee4d085341cd2452e94f8d8bdc312d8548c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
c49201c50503bba97296ce19df5a31e2

SHA1
bfefe21e43912a1096c90e205d67b1c65b75ec21

SHA256
43574f1e4ee8c03ba79e15ced6a89a4ea82e3021ee0d840a30e10985fe3dfccc

SHA512
a5d240fb7863b02627c2a3b94cfc5f0dbd792e497e4bcc80c3a57ff632dcf68b2f256c87645919ffec3d9a80effc03d0a094bec97218c4139d2fd5416b528896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5836ea.TMP

Filesize
91KB

MD5
5d11303f78f79a268a7fcc3bd108f386

SHA1
2cf13fd5240fc5cff3966ddcecc301170ca727d8

SHA256
47c059662e417fad94695bddbcd42c0edcb4e17e3cbcf1aa72e71b2288eb7fda

SHA512
07ce16db04122d2d6db000a274d6d051aa1022d85348182172352ff40c3349eb702a6e59c96da2b4fa7790b4a15c1731d6033c3f0078c5a6b73c7bfb7500b9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit