hxxp://www[.]accupos[.]com

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2023, 17:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.accupos.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413479203199072"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4492	1472	chrome.exe	85
PID 1472 wrote to memory of 4492	1472	chrome.exe	85
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 2516	1472	chrome.exe	89
PID 1472 wrote to memory of 1848	1472	chrome.exe	90
PID 1472 wrote to memory of 1848	1472	chrome.exe	90
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91
PID 1472 wrote to memory of 3972	1472	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.accupos.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8006a9758,0x7ff8006a9768,0x7ff8006a9778
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1876,i,7582903929825681479,11431031782639483508,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
78519ab9c5c228bddcf48429181ef6d3

SHA1
eca023d2a2c32dac553aff63b950177a89496f81

SHA256
11d65d72122d48162ff3c67b3df6190860756ff970167fd5e0bec49c6bfe43cd

SHA512
0fe778ef23d844a4aee3ed7dadd0f86b03d80c1c1401026ec9a72b5867bf127ada94163847689e590917de8179f46107f22563d151029fec246f174fbc1f992c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3a1e36c8f8bd4d5742db69a0a5604f2b

SHA1
5960c6f909ddafa18cfc69d9779b89a8d94b8738

SHA256
53bed4e1bd603086a52549ef184fb8262bf6d8739b498c3f402a7e5df032c25d

SHA512
e49b3f0b7362f5cdcc2f2f25093c96a43ff06d569658590a29dccd57a50de5b51421c595928fe6d57a6c58d986c993d745d2d11f3a92a3bf43aff59e2cd195e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2b2a4ca4e6ffa3ad6fb091de1d2d756

SHA1
79b9415772d5a011fb60c82e2764f9732b5d3cda

SHA256
7544864d866a46a18fc6190a9dac5b2d6d8bd0ed01d003d75586cd050fde8037

SHA512
20abb1a306ccb3b175d628fc631ada92da50f174969a8231fbf52b4b1b9fbaed4fd86c99e271f1b1afc07c0af2e5e74de3849df468f323a326cf416224e5fa8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f27c3df8383a6bbad938e60c5633cce5

SHA1
f62ecc2d393efbc3419ce911391ba7746a33e458

SHA256
fa3ede565bde874aea261c2738d8b2a8c930eb9346b5daa66ed225db062405fc

SHA512
d34233d1fc767fb84fb08f58bdb9eff0b46ae414d955b34837793016579c44fdd8c1c398d730c53c09300114b3823156f523d2985d39339e0532311051e67ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f02b04600477fae2905db707d7c240b3

SHA1
347880cafd1c2adf5c07076b0199d33291cc05cb

SHA256
690fe1274b2e4fbc9aebad1349bc56748d4e0a6aa3f1518c733146fa8a9e6e7b

SHA512
7b0c5a233acea748f6365d6461d7e495699d1db5d4c1a21a1db5e4100a4b8c3e673e2d1f8d0b686a62a959fd5889fcfb763d2be2824bb6563956c7b63ead5e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit