9601b58a0ab717218a0ced26d48017b6c85f2c0e44474713fe06adf429449479

Analysis

max time kernel
1801s
max time network
1691s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apex-legends-1000-apex-coins.html
Size

82KB
MD5

3a0685ec81eca4c7114bf3ea043f982f
SHA1

0efcaa9b0ae21cfa9ba2dc12a1bd4a92ce6c9cf1
SHA256

9601b58a0ab717218a0ced26d48017b6c85f2c0e44474713fe06adf429449479
SHA512

212f846f28b2b8733c405da454ae2c703a3c3fb6d9f32d3f47d2f4ddace7520f8963339aa29cf9df54b640067f68db32f279c245e5f309d6187895dbc3ae5d05
SSDEEP

1536:rv7C3kAyq3JM+r3LKzubICFmxKesvxbyyZ6UQ4NwrU2YFVLd5QUShaU8x+tf6mIj:rDjA93yU3LKicCFm7U26lPQUYyx+kmWv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133410788832052763"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
376	chrome.exe
376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 1076	376	chrome.exe	30
PID 376 wrote to memory of 1076	376	chrome.exe	30
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 2880	376	chrome.exe	87
PID 376 wrote to memory of 3632	376	chrome.exe	89
PID 376 wrote to memory of 3632	376	chrome.exe	89
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88
PID 376 wrote to memory of 536	376	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\apex-legends-1000-apex-coins.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cedc9758,0x7ff8cedc9768,0x7ff8cedc9778
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 --field-trial-handle=1968,i,2347550930965599894,7718764138229854146,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8b93e027764767be21a80cfaab54731e

SHA1
cfd6607ed29ff05625fc4d370d253b6f1b72a63a

SHA256
bdc387caa7fa294ea22d75ab7f4e91df6f16d8e4e54ac5ba1654085ccd223f2a

SHA512
bd6a4dae566d463c740af5ef6d500b609e94821af369362efdf191adea66f10337cea601e99ead90adb4f73040ca8a418168262bb15c89b72cfc3d95513a1992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14b73623284d5f13fc22a27f1bf44d71

SHA1
28024837f54e891dc8ee1331ab8078118cc2ae0f

SHA256
2b091b65a8560b79ffc0e56d06b0af2b44922ee46a2e997fc0b755dc74ea837a

SHA512
55c31636e264b17ca6296bf2e551cbe0f3035182dc46d8cd8c085c9ff899ae77297fd68f5cd11ac45522aa4948c2111e922d4984bddc48b33bd8daf80c72f5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8743fe1e31a0cb1683875679c3497d46

SHA1
bc5313f78f190795ee54742a6c9d363a30612b50

SHA256
aa62dceb0c3fe535106a63dd0768e1a2271b0a0d7baf0dc346431ed5b5e7d2ae

SHA512
8a3ec618b2d2993bb6115f8a679aac35f9c21a670338c00b97f81cd3077e2a7f6676f46f2c8dbfb4683236ef12c4bd61b2ae98400107ebd1e0529ffe220a6f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c93b13ec31d96450cb8e93f7d32b0630

SHA1
45a38f06c7faf8436b585a4b0828cdddc0b3b68d

SHA256
c3305b12e81e6785b7c0868e50f30f0265d1565d86c793032d9850dd9fc45524

SHA512
1fec54605097ef647c6892225999c8e9a343e5ac433c716d003dc3a5be90ec748ed410f853b5a9b8f8ab43cc78a598064ec5d861da09044a642b73a9ae5cc3c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit