hxxps://pensionpianningusa[.]com

Analysis

max time kernel
73s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pensionpianningusa.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416092968224338"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe
Token: SeShutdownPrivilege	4140	chrome.exe
Token: SeCreatePagefilePrivilege	4140	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 1792	4140	chrome.exe	87
PID 4140 wrote to memory of 1792	4140	chrome.exe	87
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 4340	4140	chrome.exe	90
PID 4140 wrote to memory of 1912	4140	chrome.exe	91
PID 4140 wrote to memory of 1912	4140	chrome.exe	91
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92
PID 4140 wrote to memory of 4136	4140	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pensionpianningusa.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdb0a29758,0x7ffdb0a29768,0x7ffdb0a29778
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3276 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5320 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2792 --field-trial-handle=1868,i,1336248993710718258,99882002149199189,131072 /prefetch:1
  2⤵
  PID:2852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
143767118a9082044cace86ac9304045

SHA1
0f65cf2a232cda9bffebd952e3df95035ef4fc1d

SHA256
d69b02dd7f1b0690977b4fe45b64373b40abbb6a1259ff11d40f42df257789bc

SHA512
bad6c65c506499d43495520d6e4632597c5623e94915769a0f5a3659aaebebf5ed3387f81edbffb489bc82b3477baed4e1eae862c66f4f89fde63962615a1582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff37e85a2ce9684ab172f2923b1eafb8

SHA1
518c1217e06a41cf8d6b78f08f04d437366e4ce0

SHA256
82e5c3d94e4c841f61d6f284c9c6026717a5b0550a5134d119242fa986b75044

SHA512
5429b89ec973d00b1f42281958bd3861889ae426d623bad80dd7ba34316b55600dd5e85373088030900de2ce83c26c40ae334b3b6ac5ec794db3b52da2a89f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
08f37bad25d1bfa637a81409162b7ee6

SHA1
08c8ea766ca7bb98c5d19f7ec821a6c1090f0216

SHA256
83967e64624aa13fc1fbce812f94faa705aadc310d67e6e32302482a5874147e

SHA512
79a03567d5217b5c7294bcf803b8fa4175b262e46ab4851d39cb79be788c01310b3b3b37838adbdcaca5200023d6a7d13055d3220e720e2e89a7a56be3defbdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
187684778d9f0c42323f94c7a64a1e97

SHA1
e4ff20b3d8e0329207fc0424464b9fdd89ea1ece

SHA256
447cb43eda14898f3d6c687e61cfa8602df7f1257d6a9ebf584c244c1d8ef39e

SHA512
28b7dff2b8bd9d4fdcbc7c3de33354f8c2d367234c326b11e015959d8121170382966594d2ab84ae07a6c814cf8dcaeaf57b149dbab86ce1616dc448882deae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7ef879c44beee253d79220134b2e97e4

SHA1
6c15f07394f35e54257aea768a602d6fe3cfa2dc

SHA256
60f1bb4be730f9643e6d096b75b471ca5a1ac4103a32562109fc6b6b90f46b7f

SHA512
6e939a71ae5695f3ca836673a5ba7eb18a79bbd8b52551265e2106be986a816cc638e67a5493824d70dd25b8d08738f6cdca3f3c5633b820309f16e41f5620be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit