hxxps://matrujayurveda[.]in/atee/?29458931

Analysis

max time kernel
156s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 19:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://matrujayurveda.in/atee/?29458931

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 4028	2256	chrome.exe	83
PID 2256 wrote to memory of 4028	2256	chrome.exe	83
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 2880	2256	chrome.exe	85
PID 2256 wrote to memory of 3504	2256	chrome.exe	86
PID 2256 wrote to memory of 3504	2256	chrome.exe	86
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87
PID 2256 wrote to memory of 4700	2256	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://matrujayurveda.in/atee/?29458931
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe129a9758,0x7ffe129a9768,0x7ffe129a9778
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=884 --field-trial-handle=1904,i,1541951573732825631,11279499983414272370,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
192B

MD5
e2efdcac8933af456d3d1da5eb88c19a

SHA1
7e86cc784bf28077ef0f806c9d9671529866764d

SHA256
08d51ed5001ee00276ddf75d47d4b07fa309cebca528c5e23f67675edcb20676

SHA512
8666618ac40ce5eb286a8701e685426401fb99e266ef3f1e03b174a1f38309b81e08f08f535d07c4fb33006ebd581b95d4c5a439722b0c0c2aa8e59e8adc7390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a185d84f01247ebad0fd4fc29a06dbc6

SHA1
56920cd356ba0276c1c98e57d679188df246cc33

SHA256
b4355a689d23a3f65047efeca2092843e9acd2cd9e161e759027da3f5f11b9c1

SHA512
e570fe3d789053031d8569e6a10aed439c716ef09fdeb8cb5c7d2cfe1cf665d035f52c26b2d3aed6b91722deea214c7f5e20dd4c66e8c46fc27e71c8b0597a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
46998a6ade6351bde7cd39bf0d8d007a

SHA1
b54d9a9280c580afd457abb2c729c9726734aa01

SHA256
43abc51a0754ffdcfe4030bc5eda8889e2265fd4b1023b4387f144734acbbec7

SHA512
0b06627c7868d877be84a78eb7f0e76d17aaf8b6da9c54d5d7e79bc1d6b865c7455dff6cbd4973b7c2cacafaad5068fbba9001a7a4042105b90a6851a68f9d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2aacd4f8ff6ca69acf12fbc64880cb9a

SHA1
4412f2e43b7ca83123677124b948314c8326d49b

SHA256
6841bb7c043fec2acac24d222c9b9ee2b0773ac5ef3ac7f6feaee74592f9ce2f

SHA512
3fb67eb1c043fe7b3575280cfb9ee9b0d51f121f9748496066def58fb8dc40f8984a54bcaf3364949876382406cfc89a88a922aa7a4e3faffd5a1eb88eec875b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a3781fe40d70a99288a63facfab5463d

SHA1
5433a877ef3a8720a95702316445deea66a170f9

SHA256
74c51f1241ebb22cdc638599058c5ae44115c49a51ddad2535979278b486913d

SHA512
a393d6f1952838ac7d130f085fc2054558d4b98dcb7d002784df48decaf773c150dfa5c09d79c9bada87c4e05f80a85d3fa27a130e1657f3c3dcb21ab66e20ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f911302d20d41f9b69678f931cf1c159

SHA1
65a17fa708b2e8b86e5eaf1200c0a362b8627c81

SHA256
57b9af15dfff6983baaab702753f8bb328c8d0515af72329515d5e3ef37db110

SHA512
54c505d891ca05d27e7250392ec1a7ced885e465f0c77549a355b53d13db9eee177957a9da222c3d6245e839f1e6eab0c9bcd5d31fcbbccd8eff93081a1b9490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
ed74ff24c384e7bb1e2c53bc92be658b

SHA1
f80cd3558598e57d366cb408ff5ef9d03a16bc2b

SHA256
150f3d866d9e6bede7c645cab22ca3037ebb477f710887a1b0c7af64368c2530

SHA512
21856f4e2b2fa71e6a4b6cd625517935b6947d4ec433e236cd5cade01a71d7c1d9d7a321b6114a1344b258fe06a9ff54589f5456199758601212e2152258cd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit