hxxp://amazonascash[.]com

Analysis

max time kernel
101s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 09:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://amazonascash.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133409725124438663"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 1632	4328	chrome.exe	84
PID 4328 wrote to memory of 1632	4328	chrome.exe	84
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 1992	4328	chrome.exe	87
PID 4328 wrote to memory of 4116	4328	chrome.exe	88
PID 4328 wrote to memory of 4116	4328	chrome.exe	88
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89
PID 4328 wrote to memory of 1728	4328	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://amazonascash.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccb4f9758,0x7ffccb4f9768,0x7ffccb4f9778
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1892,i,4344276092760751690,16558721589562784002,131072 /prefetch:8
  2⤵
  PID:616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8841c82a-9c4b-4b7d-82bd-2bd47293269a.tmp

Filesize
6KB

MD5
f9e731b85737e2b4907ac443660f67d8

SHA1
f0b33b9716ae1469d8b49a3092fd2b5296b4d0a3

SHA256
4e657bac698570fd3526aae0165e0587474be926f02d33437de666fdd00709c5

SHA512
ccef3d6ca366812baafb4325b63027232f6e11a6e580c4443e4a6893028a1f98cd9ee8ca3a5f9e00062260dfca6a46c4937d303b7a5fd3825234e99d0c1faff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12f8459b6ca1aa43eb59207321fae586

SHA1
832535ae32a539f0eb05a6dc9e25f29f44120318

SHA256
0c50a4da892f5a3a68834b7735a741a5df6e41441e302e73b876e8af78b909e1

SHA512
873d3d9affe3e0ff730782ad382478ab62a4567514e175dbe1e064a935a16d0fe5856f8eeff4634b35c28b10a4235c311accfc482c6ce492a9c90ce76d6a2732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c229fea1d11dafb908e106b911750b2f

SHA1
0679739f92a09b1dc7f5ca92ce1c48c43a8c18c7

SHA256
b4bb00a9ed7b2ec9d5979922322bd326ff184cbdf2b456b0c3e8327bd396f96a

SHA512
766b9ce0d88612e3f2dd9fe5baaee1ac7838973ce19a03501ba19e4d35f51d43c1b146f912e2400c4f8f46385e92df5744d71568fe1978c63f8d686875fecd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
1e550efca1a2dc990d2f03f21e164c22

SHA1
b5a13eb0fb457f27265a3a125de896753187587c

SHA256
9db2b875bc03bcbda423dcc10154e0e3701a7ed970c68cad5bdd914f0c4e299d

SHA512
13ca23947d3385a4a4976f5d199327f24ad17b8df66658c3b1dc70c15422cea1a31ddd5463c2959a272d40748ff6c4ed6ba94be56c45907fcdeec2cf668f1af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit