hxxps://aumytaxpage[.]top

Analysis

max time kernel
159s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aumytaxpage.top

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415340294485894"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 1248	4868	chrome.exe	85
PID 4868 wrote to memory of 1248	4868	chrome.exe	85
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 1488	4868	chrome.exe	87
PID 4868 wrote to memory of 2416	4868	chrome.exe	89
PID 4868 wrote to memory of 2416	4868	chrome.exe	89
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88
PID 4868 wrote to memory of 2872	4868	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aumytaxpage.top
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7fffe79d9758,0x7fffe79d9768,0x7fffe79d9778
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 --field-trial-handle=1884,i,9435217462696253816,2514058728236216762,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d528cbf853d0447e82be70701842ff03

SHA1
a52bd216f925599b90282d5bd7e5f850d3e07e77

SHA256
d602f630162ba78a883f9ce953edfd654c29ae5f9ec995e27e8bb9ea85ae0bae

SHA512
8158bc73bea37d0b6f7fc381c7c46b746f22f388139917c242b2492aa0a308a0299f068da3a9f7edd764b377a85f13bbf4878b0495add7b8d66de72ce9ced7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bb8bb515dbefb75cc1f53cdf51ab73b9

SHA1
52cc97c902ebeaaa9b2a430676606fdc88ba77a8

SHA256
dbb38e88c94f22e0aeccc7f1d2052215c157965dcdc895edc9cd8975b161d799

SHA512
d1df2a2d7e9cd5a8fedc41de8bbfc80df650240ce16dce01d502596c51921cd4e7c7552bdb772fcfcbc2bad481592ae1860c9c62c5835179ec5aba1b2a939e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
cba6fdfb7648cf60682f5377d0948ae2

SHA1
d22471d4745bf8fd521070e3e3ccc3cabe4c7794

SHA256
f5732dd627d7a08aa1da370659357d6c01dc5ba11cbadb9a0b9b8c191b4f0bb2

SHA512
371dddf0d3629dd2996056c531cb0653ff75405ed2f026996f6ab6f160072761743680422d98416251ffa2529767d7030fc9661d1e63ed76c5b2a35eb5910dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59a2c5f01b396ae4e42e1dd0e29baf72

SHA1
0c6fb4bcc08e90d00d586af208f42f6491d21085

SHA256
fbcb7be4132b6fdbafcc7e7da6d96f4ea65ed8c167015f91c50763bc5b24edac

SHA512
7a0c2fc1d0380dfd433c506663e72c41e2ab6ce38e2b9236d85b5baf1069dc96872a696aafbd38a3774021060b6b21a4d58c7a9aea9f4c1128971a9bf7c98a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
cef940c1652c50d4bdf76baa19ca0ba4

SHA1
2a1aafa80dca508c96d45f1e759dea6334b4f4b5

SHA256
68a2cd45a033e8ffe573b4bfb5f7396f687fc061c6b796aa63ee6a65d0475654

SHA512
792da21c0a0a4284702fb0a884619d5c70ca1be78c028193d6b1d7048e76469d8becf1b0ccc1dc9df8a33fd36a92ab798ee6c79412bc6288b1c76b4c4c3e9b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit