Resubmissions
16/10/2023, 11:47
231016-nxyhaadh8x 8
16/10/2023, 11:42
231016-nt46nafh27 10
16/10/2023, 11:11
231016-nac8tsdf5w 10

Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/10/2023, 11:47

URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://validatepassword-requesttoday.eu-central-1.linodeobjects.com/nowview.html#[email protected]
Resource: win10v2004-20230915-en

General
Target: https://validatepassword-requesttoday.eu-central-1.linodeobjects.com/nowview.html#[email protected]

Malware Config

Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                              process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133419305183245214"  chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   process
4968  chrome.exe
4968  chrome.exe
4252  chrome.exe
4252  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid   process
4968  chrome.exe
4968  chrome.exe
4968  chrome.exe
4968  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description                       pid   process
Token: SeShutdownPrivilege        4968  chrome.exe
Token: SeCreatePagefilePrivilege  4968  chrome.exe
(the two entries above alternate through all 64 IoCs; every entry is pid 4968 chrome.exe)
Suspicious use of FindShellTrayWindow 26 IoCs
pid   process
4968  chrome.exe
(all 26 IoCs are identical: pid 4968 chrome.exe)
Suspicious use of SendNotifyMessage 24 IoCs
pid   process
4968  chrome.exe
(all 24 IoCs are identical: pid 4968 chrome.exe)
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   process     procid_target
PID 4968 wrote to memory of 1840  4968  chrome.exe  81
PID 4968 wrote to memory of 4932  4968  chrome.exe  84
PID 4968 wrote to memory of 1456  4968  chrome.exe  85
PID 4968 wrote to memory of 4128  4968  chrome.exe  86
(repeated entries collapsed; 64 IoCs in total, all written by pid 4968)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://validatepassword-requesttoday.eu-central-1.linodeobjects.com/nowview.html#[email protected]
  PID: 4968
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6c0c9758,0x7ffa6c0c9768,0x7ffa6c0c9778
      PID: 1840

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:2
      PID: 4932

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:8
      PID: 1456

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:8
      PID: 4128

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:1
      PID: 3472

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:1
      PID: 3556

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:8
      PID: 3832

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:8
      PID: 3976

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5096 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:1
      PID: 4824

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2512 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:1
      PID: 3792

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,13817340068337367384,257905538225349044,131072 /prefetch:2
      PID: 4252
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3096
Network
MITRE ATT&CK Enterprise v15
Downloads