Analysis
max time kernel: 116s
max time network: 113s
platform: windows10-1703_x64
resource: win10-20230915-en
resource tags: arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19/10/2023, 02:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://naadamfest.com/shgfdhjbj/dgfg/[email protected]
Resource: win10-20230915-en
General
Target: https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://naadamfest.com/shgfdhjbj/dgfg/[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                              chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133421552296052247"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1388  chrome.exe
1388  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
1388  chrome.exe
1388  chrome.exe
1388  chrome.exe
1388  chrome.exe
1388  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process     count
Token: SeShutdownPrivilege        1388  chrome.exe  32
Token: SeCreatePagefilePrivilege  1388  chrome.exe  32
(the 64 entries alternate between the two rows above; count = number of identical entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process     count
1388  chrome.exe  26
(count = number of identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     count
1388  chrome.exe  24
(count = number of identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target  count
PID 1388 wrote to memory of 2816  1388  chrome.exe  70             2
PID 1388 wrote to memory of 360   1388  chrome.exe  73             38
PID 1388 wrote to memory of 5012  1388  chrome.exe  72             2
PID 1388 wrote to memory of 872   1388  chrome.exe  74             22
(count = number of identical entries; 64 in total)
Processes
Process tree (depth 1 = root process, depth 2 = child of the preceding depth-1 process)

Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tracker.club-os.com/campaign/click?msgId=&test=true&target=https://naadamfest.com/shgfdhjbj/dgfg/[email protected]
Depth: 1
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 1388
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd91e9758,0x7ffcd91e9768,0x7ffcd91e9778
  PID: 2816 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:8
  PID: 5012 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:2
  PID: 360 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:8
  PID: 872 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:1
  PID: 3628 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:1
  PID: 796 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:1
  PID: 3984 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4756 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:1
  PID: 3744 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3140 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:1
  PID: 2204 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:8
  PID: 3520 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2956 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:8
  PID: 4164 (depth 2)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 --field-trial-handle=1836,i,16816581561030264784,9197231657752709563,131072 /prefetch:8
  PID: 4788 (depth 2)
Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 2156 (depth 1)
Network
MITRE ATT&CK Enterprise v15
Downloads