hxxp://46[.]1[.]103[.]69[:]2341

Analysis

max time kernel
163s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://46.1.103.69:2341

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414509288189626"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 3676	4820	chrome.exe	87
PID 4820 wrote to memory of 3676	4820	chrome.exe	87
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 2004	4820	chrome.exe	89
PID 4820 wrote to memory of 3280	4820	chrome.exe	90
PID 4820 wrote to memory of 3280	4820	chrome.exe	90
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91
PID 4820 wrote to memory of 4408	4820	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://46.1.103.69:2341
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd58fc9758,0x7ffd58fc9768,0x7ffd58fc9778
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3356 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3108 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=212 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1868,i,10564842061402511238,16781216587581461442,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
57d0028379cd87df84b582b2cc3ef36c

SHA1
6fd91093f4e398e91daf435b2170e6359efa991e

SHA256
5df914614023e22d34268d977a07045d75c72f688c3bccca36d90b64c4425012

SHA512
dc83f184a85d4d768308f05773ca4b10a88ad2b28b89bb93a4d6733af44cf5d514d8f1007a9c0f564287fae3604a9b933a02103a4a1c0ba3868050ecbc822539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ece5698dc07abede28916df3783b68a9

SHA1
faecba479901a5c4c1a279d282958ca0af23f28b

SHA256
a3762e1ef6911f00889166d0ec8722508247552ea753e29ecb3d49fcac16653e

SHA512
09db14fa80533addecac9de00d1e8257374d873932e345e7dfaec29e14ebe242a9c174cafad88c887469d919641b0967c1fc9196954236ab2041df43c936e849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d478255c19039d3bb1fed2acbfa2ee96

SHA1
ee0f5fca4546004f224fec65573631b358dc2d24

SHA256
c521ab704be954b0073630365b6d4dd7423521c9342d52861c51c58f6c3fb9ed

SHA512
30ba17222c031e80e8c25d64428133e1e6d9b60b3b1083d6830d10d5bef3f80c0580c94231e922bebe6a83965216ebe9dbd1db40a92f53ebd12773fabf389d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
57fb4b8dd75e791865b5a45d97e62d3b

SHA1
a121f6ca0fa660a8c4059a9377a6c1c3439b7267

SHA256
173c7819e9f6036cee1fdd71bb388dc89d601fc39666496fbc40e36db9d758fe

SHA512
f09af84196f6e34a87967aa5985bde3bc72a5338fb01706d8491f21430ce9c39cbc99990700190b25a1534231f10945f18b0d31d7a39799365e8f91e06c58821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit