hxxp://qualityusedcarssales[.]com

Analysis

max time kernel
4s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://qualityusedcarssales.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1000	2320	chrome.exe	82
PID 2320 wrote to memory of 1000	2320	chrome.exe	82
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 4076	2320	chrome.exe	84
PID 2320 wrote to memory of 1752	2320	chrome.exe	86
PID 2320 wrote to memory of 1752	2320	chrome.exe	86
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85
PID 2320 wrote to memory of 3388	2320	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://qualityusedcarssales.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8edd9758,0x7ffd8edd9768,0x7ffd8edd9778
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3996 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1864,i,4137099439895320556,1429673558141195250,131072 /prefetch:2
  2⤵
  PID:3624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a71f18ce95ca71ac5442537487258d6c

SHA1
6c8af905819058a76e4f4154f614dffb86fab51d

SHA256
440388813a59be149bc0e74c3bb3859843a7bb93244b5a153fc36af153c8528a

SHA512
9d82cbd0a2cd3c14561e08c01d70d3959d8a3f7ec3a485004962e77cbb199d21ff37e260a4abbf97de315255471a6dc6cdd0a8bae3876db54a01927f73da5175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2c41ff3f738391dd087252e26affef96

SHA1
7d366d603eb2e9c8c6edd4142a3d69763ec544d0

SHA256
f8216eab43a52bbf24e24d498f4914d5086d2d3f3bfa180a77714d6bb24b71bd

SHA512
b90669b11ee669e6141f492097a1bc3810e714a8e22c990798b90dcbebd7a10a4c3c9a2958ea940d027da01c6b0f5f78db6d3e479b583ea72f7f8c7cdfacd0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
fab4322a5ff18dafeb66e040c6d33855

SHA1
707247e94168dae4914d66104f19a540145e3c55

SHA256
758713124609fe164b3c064c462cccecbed0ae9475406f2af15e05a2314d0faf

SHA512
c353ac40d9f8260a68ac25f7611bfe7e11e7bbac072855b2d3fc6797dfb9d9c1d264f3ac40de9472a78dba12300f969914383c477625a886e34032746b55fbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a1256315924336bfa4894e22da7b51ba

SHA1
aef5d973e9c4a2207cec1391b7d11fadf6a0812a

SHA256
610b26993d7e6ae776ecdc23e3c32e8ad9af6060f91b6f80e77bc8a9c90fc808

SHA512
a67f0266635042d673d1b7d2929ce7043f50bc4d495489e5df7899e104d00b01a4995ab5354347d52532bebcd6c7630500f80c82489873ee3db5da9af73b8a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2cedd86e0db1e97c7be82f49f198a6f0

SHA1
a468b94e6c55cbe8e97fe7e0e867ab04a461b419

SHA256
436eb8bc71838e89b65d9a9dc0fe9cdd629b04445d54a1fb253b6c2699e030d4

SHA512
93caa99377f164ae02248f558b3530946059237e520644e8709a085783294bfcef1a0bfa57b02728fce582fa1a7eb8b93247ded65f694b5edb8b15e8acdf3aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9bbc5247d5f25618e3a44064c98f2f2d

SHA1
0af2d63a5dc8e044f42d8eadc2b9def8b0d07517

SHA256
de3131e9307555c4628e9b8eee3dac0e624a7b876baf4beb11825e134a5155ff

SHA512
1e932b1ca17431f66694c3216de90d86f532aac2772d7d829e4c0c35de7ca5ded565f0f8ce1141ddb1b56a2e6d5fcf09d7ff82b061d1a9fc5008c3dd423179b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
7a9eb372bb34c5cfee5ae8eac53f4260

SHA1
84bb01a2c44b1445712c52f3883fed4e78209b1c

SHA256
ffab5ce74a5cdcc67d5e5744873340053e7cd8168d6b4a3288addfa5fb9b1c10

SHA512
e7fcabf93bcfc6f4f0d8f434f4670e819f4627d3e57ee705e76c61ee56b5088f510aeac00344b0db95afa88fd9b98436e5b4c7e7c9db7b2bcc4c2ca20d9fdbc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
db976df31d47a877c78cb7e0d012af5f

SHA1
2848d0028f60bc024ce63e48f986c6da71d99762

SHA256
a9d1756f96331b37b62638dd997fd0b26bc617481d07e21cf86e365d1bffc824

SHA512
cc5c5242596d76dc974ee9d87891e9c58b6c5c70158498494f415841c0e98664e0df6eed54329a33765a94914bcd194292cfdc67427ea86b565fa94ed974f74b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
60fe4b49586b98343845ebea71583281

SHA1
3c3f3d7a3845634a8427c821383c49e40b970a00

SHA256
e238b29bfa9017e73949141480d9e7ca460fba0bba0da71230303c288de1c7a2

SHA512
e1390c037175ceae00a8d1bd6e730ca47171772215c11966d2b36a49b828c782b99f65d1c117e0095f56ba1672e0aaab6a9090cc8fca0cb94079f62e2ec71884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
b77ab2ad2b4165f346fa7e9048a4b513

SHA1
fb7c638e6bd343439a793025fa18098c3f9476f1

SHA256
f0011d8e702c84852e78308d2f90d02bfc4231553bca9607873d26ba946f34f3

SHA512
7202b4763b957d0eec5fe7acae190f7bcdd9dce26b36e2a447360610c7de42f525ca36e0c238cba71d3bbec2c975af047d7cddb305235586f47dfbb6340ade75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit