hxxps://mensportparameter[.]shop

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mensportparameter.shop

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413620334081325"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 5084	2944	chrome.exe	55
PID 2944 wrote to memory of 5084	2944	chrome.exe	55
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4208	2944	chrome.exe	88
PID 2944 wrote to memory of 4204	2944	chrome.exe	87
PID 2944 wrote to memory of 4204	2944	chrome.exe	87
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89
PID 2944 wrote to memory of 4624	2944	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mensportparameter.shop
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942869758,0x7ff942869768,0x7ff942869778
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4056 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3396 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4156 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3628 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3956 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1884,i,4498964579867178368,1568231471342850994,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a4d1e7da8c716a96ce45cfbb150d690

SHA1
f0b314ac545beadeea8d0016620280146ef587a1

SHA256
e40583468ef08b5260adccd2e2fd9ee77d6c791e21b9cb04fbd4e25565931855

SHA512
95ecda5cf32f9d7ed1397c28f7f4cfd4b75a09b79281665ab35204d9a4534ee7ff5ea082b60b5d39a74fd81906531fef454b6f586d17e7c88bf2bb118dc6ab49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76c8d816b8b94577c37a9b0b99b21a6b

SHA1
00b5355a82ce5215fb0e45bd8b777e9893926ae9

SHA256
5e11fc116b3879df145062766c552ae437a0f47bfa94fc1adbdd98d55cab33fe

SHA512
7f9e45f59b0794502ebc9de9c68a7c687e8a33b74ba546fef289b017ffe4cd7cd7e6c2ca11b474dc66daa9719251e0049ab58e1fa58b96618eb316393973952d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7867d2b8272eeb35dd4c16045ca9f788

SHA1
953077646a09508f43b3be7cab412f90effe5aa2

SHA256
d7830d11f27746701ece75c429968920afe9fc7b1c99e834c9f0951edfe82bf6

SHA512
62b09abbb5b06d691c76dddcdaf8d44836446efa485aba13be01df0d008f847df46cdf365bddea59e559f6f59698b37341f9fb16cbc27387bbed2891d9ae8199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2a1c1ea1ace3bcc3f5d497f6b238297e

SHA1
e9a104d814f40efaec0dfe505ddaca8e7b605895

SHA256
859694a46c22fce6d76e6b6c4c8c9deb25daf27fd5f65577582d9549c3e6cf53

SHA512
53dfdac561074aa5f5ac9a8372dec9e338feadada5aefc665aff3ab435d5561b4bdc54eba51b2254beded3493a6d43b534fd3d14754a7e80dc78befee1e23e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit