hxxps://snip[.]ly/9agm55

Analysis

max time kernel
26s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://snip.ly/9agm55

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415381913837237"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2188	1788	chrome.exe	82
PID 1788 wrote to memory of 2188	1788	chrome.exe	82
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 4656	1788	chrome.exe	84
PID 1788 wrote to memory of 5084	1788	chrome.exe	85
PID 1788 wrote to memory of 5084	1788	chrome.exe	85
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86
PID 1788 wrote to memory of 2104	1788	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://snip.ly/9agm55
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb90069758,0x7ffb90069768,0x7ffb90069778
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1816,i,3035031487473242239,17046581418007893059,131072 /prefetch:8
  2⤵
  PID:3708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
f35eca0ad6ce9d447cdbe74a56dc361c

SHA1
f61c744c8ba61392c00195c9ef8f248fae0dbe9b

SHA256
252f284a30a3e9b27490f9d8bb74ad26e3bf3dcdd382fd79dfa100fcffb59c64

SHA512
9d1666d04bb72e16b6513264d1dab8784c75a8b73dff04bac3984e4347ca03104a24166f68316f109d86f4e1d89a708a317468c3a00a01643463a9f9d0610ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aa425f953393ffe6bd2b3e26a915d563

SHA1
097a088969f74daecdcc64622bf5931c1a6ea50d

SHA256
360027206c429b6ce9fbe7dc9735ec5474a3d242d272fa8133d9f5327a50b2fc

SHA512
65a43369a1dfad2feb4d49d87f72b78b5597affed2dedbb343b1c4c687b6082be3214dfe22e72954964dee832c72a167a6d3c1916571a36c1c20783f1f51d27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
1114b036ef7f1cefcdf72b01118dcc45

SHA1
2a20e1766d410230dcfc4ab7869055473df860d4

SHA256
17508622e68d6d73bc3f175c87f3c277ad89569db9eb3366d3ea4b71c5d78893

SHA512
dbe4ca3c4dae827c40909106a881253d062711911fb8110215b23bd2b9004b1772da0f1605f366eafc34117c2a1a028da5b28089409d449c7d1ae3793e071782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
54e67ee7b43dc5caa64d5f4ea26699e1

SHA1
12d1fd6cc206ba903e42559b4259d44f5c5cf9ee

SHA256
9037b8610acf402a48533c89178784c491dc464cc789cb75d153f55fc3572e8d

SHA512
4d4e2593411772125b25a3c2d2016caf2f01e21d5438586559be1fcccadb057bdeb5f41ba9eb84c40be98871f32965b243928545e18d942a62a2ddd9a2b78de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit