hxxps://usups[.]top

Analysis

max time kernel
151s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://usups.top

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133419546020966570"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 4548	3440	chrome.exe	75
PID 3440 wrote to memory of 4548	3440	chrome.exe	75
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4448	3440	chrome.exe	86
PID 3440 wrote to memory of 4488	3440	chrome.exe	87
PID 3440 wrote to memory of 4488	3440	chrome.exe	87
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88
PID 3440 wrote to memory of 3288	3440	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://usups.top
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd93f9758,0x7fffd93f9768,0x7fffd93f9778
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=6092 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1920,i,13950419208443977760,7748629420677023767,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
06d177277eb6771e0c1c3b464e69435f

SHA1
da17834f64414ff2b65451c725c87a2e3478a883

SHA256
ccaa31fee6a2d996f4dc133ddd7c8967a49cdc255c5b589bdbe422129f58726f

SHA512
ccf855bc053f17a725e7840253136ba2320b6312cb201ee6de691538e841e5d5f7b04f674811e7539718abcd65e399fe014914ccde70bed8dfe3b6a092c0aa0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39845ed4a296eb261c43691b7014e74a

SHA1
728476122cf2b21bee44a4731587ae5a58086124

SHA256
67583ee5bde46e8763ccbdaff1b65a26a03d1e678df7f173de983627fe80fa92

SHA512
1ec3236b281661dc73272636de9ae27770e7e27eb2325e5d73ac9b5b1b607171a0cd84395f1ad95be6857a212acec1a62d74ff969aff3f68b794040dfbc3c06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
07854b9208e16e2e1796d3c7c8c6a4a0

SHA1
0a8aba0c2e7ef6cb68878210e46a74f844065623

SHA256
1b02cb117e779514a59b2142ce00bb29b67d068b17d6472a5e761d8298eaf08f

SHA512
e1f40f3771a0b91b1c83d61384796945f7b0296411b2f5435a3c565bdc8c3007e87926db33a3429f1a8b6ea61aac1b2696e27a9d6b87a0039643440c08c38b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
307c23d1c9277ef65f8a4cb560a6dbb3

SHA1
9d3d536d3d1e863a808956baae33a4bb1443c162

SHA256
7711e9c6b51ceca2792afd95a55bf46db7c594810c050172cc13071285f18ac6

SHA512
9555a8963fef2f02cbf00d906cf7ecb81044449e36da4a713ab4cc1041289cdde9b62738be72f5e15fbabe87aefafb980822afb78afe3874c78e9cbe40919a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60e571bb9b93aa727038aed03f9f7b72

SHA1
51997f5d597bac2edaadc801e90555053b742a55

SHA256
359b4ef10900c63cf38860843150624240006f2f20df64f5b4230c90ada960d2

SHA512
d064a81dde8d9f91b4b6c63053a761cb08148daf05e48793d9028b54753fc8c67f79804662f225b938df8d56ffcd4e63d1abd17f4712aa485771500fe5fa31e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
412e87ff6c8778f25bcfd1a2749a4783

SHA1
70c90bebd9c1ea5904b7e2d1b2fcb98390f7b872

SHA256
99098ebaacaacc69a86041fd69e0fd75b048624fff31b69fa2f2ef719fade155

SHA512
51c54f73acd406929884ce8f20d75aac55883c426907127189f64bb663e80c43c67093c7d04bc717c6592f00945049fc5117b9f0fcd774138b032f47370eb08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8e665c1942dccb84069a2f86f5b65bd

SHA1
7b6cbdbf24cc430e7ed60e99bdcbf4905a2577c0

SHA256
2673fc33e887beb90f4637df8100aa6adc2ed7cd5ae2f0ca6e1d702479f2fa9f

SHA512
7de69498805bb0f5ec8b11d607c1fa87fe915c9f548846ba5319820283460b29b1802f811afcf056b5359aaebc9d2a6d1434041998504f54d33cc85e99765ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
224ca207393850c8614db16240df0873

SHA1
b615d5d03210f4f20d596e4c43e46a30e3642a63

SHA256
4ffafdb40f18cc616c7aaacc7cc0871c2233b480eb22505634dc40e19cf91572

SHA512
292d828807d9880709ca62bb6db99bf5973ade1032dbb012a2f3a70df6d1060cd800aac177ad9ac4a3d196dd0396a5369119330daf93f263e2c0de1d8dde8a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit