hxxps://tneslo-wone-acceo-app-ross5hams805668[.]codeanyapp[.]com/araliahnawiz/sms/vvzi/526342bd2dd668fc0daf37922d04e9c2/

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2023, 15:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tneslo-wone-acceo-app-ross5hams805668.codeanyapp.com/araliahnawiz/sms/vvzi/526342bd2dd668fc0daf37922d04e9c2/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413381682570111"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 616	1388	chrome.exe	24
PID 1388 wrote to memory of 616	1388	chrome.exe	24
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 1360	1388	chrome.exe	88
PID 1388 wrote to memory of 3388	1388	chrome.exe	89
PID 1388 wrote to memory of 3388	1388	chrome.exe	89
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90
PID 1388 wrote to memory of 652	1388	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tneslo-wone-acceo-app-ross5hams805668.codeanyapp.com/araliahnawiz/sms/vvzi/526342bd2dd668fc0daf37922d04e9c2/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccdf89758,0x7ffccdf89768,0x7ffccdf89778
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:2
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 --field-trial-handle=1824,i,2045745602461291529,532259176373710632,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
4bfb060c6d4627dbde0692dd8e19155c

SHA1
268f8f782fbb29adddf02cf44dd01915f4b2cc2d

SHA256
890eaeaeb3606c04647eb09cb82808d9b9f8563471c4038744c5d8c464545f6f

SHA512
a3fb2e7ddeedfb25c961368505cdc67357c9d7d4b6f60abaa01b319ef83d5ef04f429836728407bbaef046b589bd5ca2eeff4208fcc9f718f3cf102f64e2c2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
0e633e4722f15ed7d9843ca6bf5a7fde

SHA1
dddcc838024387382039bb0538ff31f4da25d244

SHA256
482b1fab3f4ec4c1c8928e4d61e84e735c29d65a897448aa7e2fad84e6597812

SHA512
576bb16a520b125c95c991ed833879072fdf17cf0b631b62cc0849cdf3b7790ef2c060e7f89affe2234943769664b69a6f53cdd9fea1c72b500302396ec7d339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
315ff70ba9f80d3a9c9564c8e6da1d35

SHA1
ddddb6a3b875331ee784d6b588dc2a1bc8556349

SHA256
ce768fbf9b6cd8bb092c5be07d631b858743943a65bd1fea4c631aa65afebef5

SHA512
ae0730e80fa6e5c995c6bd53665257d78994e7860510c88ef61fb2b37f58d828b94a9b66876a5a48b3a15baecb96781129ec2e184ea57383c6c8159f93262dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d2323c9eb415ce4f20265c0e78a08142

SHA1
733ad3ebf9bdf1c3226c98fa9f20d2cf0377a5f0

SHA256
afa6f8d674b76ea6711ac5fc32424855b5291d30400cd15f1c47d0e033928d0a

SHA512
bd26c4c8eea265e3ea9385b8876cbf03c1eb1229a8a5117a3d7bd17e4ac2ce41ef9bef2ae1ad32b9449cd752329e24e23eaf52c8715dea7075917a253612343a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c53eb2fa5f95b78345d7d99ceba1caf

SHA1
4f0abfc2ad1b07fbfc98b8090851345d907b0fa7

SHA256
5e0f4d8e942b65e5a6cd4bed2fa8c346cc919e9a801fc0f8b29a77b940343549

SHA512
04a0c0e10544a505d9311251d8d3f322dc08c06b79dd515d049d6f81a8c568a55d5de9024aa532cb889e18e21eb88a7ebc249d0f82bcc1433e31450e644c584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6976150caff705d80dfbedcbce9c5fce

SHA1
a9201a9b7aa6d631ce50ebe474a2338efd1289de

SHA256
5305a07c8d522757b5d83dee49a16c58aa939b4fdf120ce51cc9312f661436b0

SHA512
edbe1468c387ef5b422a149776ecbf1fec038002a10e16d151f40560c2b74e89cb0e8620e09be204beb2e04588908fde7f1ed37b5a16f3a1263246c359394b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7156d49f4663dc1f569b6f879024564f

SHA1
e9115fbfbd70b606603cff0edb4d637340e9dc55

SHA256
dd422c764aaa0f05afd4e43ea2e8e8b29f449317dbbef09e965f503c975d2d85

SHA512
eeac9f6d14fe5a67c8a82723c7d879999a5f75049ca276a287eadbe01f27636c18317db125ac739f39a82f623bdc9eb3c9426d7d0f50bb404392218a968ffeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
3e551bd20e34aa60ebe72518c8801bfe

SHA1
a533eec6e5a61b79491db82e9eafe43c8581f4bf

SHA256
411b5ae66d0279a610ec6d68924b4e71e7ceb7dc2745e8a7965afab5f304a539

SHA512
26900d8ba4657eeb29f78d80d4ef0f8af6db90695bb28dddf4c5fbb3ca340a54faff7c13c937cfd3531abcbd1bbb74c090f1cd1bb06ce0a50910e6a2e89b0f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit