Analysis
  max time kernel: 150s
  max time network: 149s
  platform: windows10-2004_x64
  resource: win10v2004-20231023-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 30-10-2023 16:38
Tasks
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
    Sample: https://itadtechnologies.tellwise.com/rest/v1/open/dzl-HGKDBAA
    Resource: win10v2004-20231023-en
General
  Target: https://itadtechnologies.tellwise.com/rest/v1/open/dzl-HGKDBAA

Malware Config
  (none)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                        | Process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      | chrome.exe
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      | ioc                                                                                                                  | Process
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                                | chrome.exe
  Set value (int)  | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133431575118743518"           | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   | Process
  228   | chrome.exe
  228   | chrome.exe
  4216  | chrome.exe
  4216  | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   | Process
  228   | chrome.exe
  228   | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                        | pid  | Process
  Token: SeShutdownPrivilege         | 228  | chrome.exe
  Token: SeCreatePagefilePrivilege   | 228  | chrome.exe
  (the two rows above alternate for all 64 entries; every entry is pid 228, chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   | Process
  228   | chrome.exe   (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   | Process
  228   | chrome.exe   (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                          | pid  | Process     | procid_target
  PID 228 wrote to memory of 3864      | 228  | chrome.exe  | 64
  PID 228 wrote to memory of 4104      | 228  | chrome.exe  | 89
  PID 228 wrote to memory of 5112      | 228  | chrome.exe  | 90
  PID 228 wrote to memory of 3148      | 228  | chrome.exe  | 91
  (64 entries in total; each of the four distinct rows above is repeated, 3864 and 5112 twice each, 4104 and 3148 many times)
Processes

[level 1] PID 228
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://itadtechnologies.tellwise.com/rest/v1/open/dzl-HGKDBAA
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [level 2] PID 3864
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd739c9758,0x7ffd739c9768,0x7ffd739c9778

  [level 2] PID 4104
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:2

  [level 2] PID 5112
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:8

  [level 2] PID 3148
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:8

  [level 2] PID 4596
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:1

  [level 2] PID 3592
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:1

  [level 2] PID 3480
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:8

  [level 2] PID 2320
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:8

  [level 2] PID 4216
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4572 --field-trial-handle=1840,i,2151607929709241832,14259801370004833028,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

[level 1] PID 3520
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 1KB
  MD5:    2aaa1439df0d217410b884a61e489e9b
  SHA1:   416725844dd8beadae0f53a829443e7ff6487d2c
  SHA256: 10e1c2a8f3e39fd08c9612ea2fd44dc15beb62516a931032fe3d337df51fccb0
  SHA512: 34745de24b46b14a7f439bfdecc28a90cbe521346ad977c3b082ca7253a77b2d23e9a3387a7dfcc37fb588fa7eab213add722e5415c71103bebbebd4838ed8a8

File 2
  Filesize: 1KB
  MD5:    048cceff04d64ed182498983dc5cb841
  SHA1:   16c3a22664a3104612b3e1f0b7bd597659f49707
  SHA256: 7d004c6338784587b70d2bd408e7c40b7775449fc3faaa9c67595e64f33b5db8
  SHA512: bcb548969f184beb9a60081994baad1536a70cfb74faa754c749e2385268801e3f318f36aca35e95aa38e45ad24f23eacabe9f7e72de98a5cdd2936b3425b9a5

File 3
  Filesize: 706B
  MD5:    a17e1c537592e947a5f344968f915b19
  SHA1:   7b5fc5ed2b36f73e26e04b2ecdf8c25f38d854e8
  SHA256: c33de3c4a6b79941c2247083e5359601fe90c8c69632b294e5cba072f5b31860
  SHA512: 065c810ef3ce139123a164626f82e6ee222c5ea11191e1616f567fbc9a5b587da5b7e839ee4ac6488f8915b4504583e77171f3ec899d818a26fd18b87b259088

File 4
  Filesize: 6KB
  MD5:    7585e73bf9c4ce4688a0c58bfeb5f6b9
  SHA1:   adcbc85608a97854c2ca4af58d31cace0337047f
  SHA256: 8817365c948a504011f4bde7733ad1145dc2a63850b25b52b852568821b2be38
  SHA512: eccfa135f43ab82fd813346cc9135965eab38e5bd4abf296e72c39379b593c49ab56378a2b6ee0c1da3d5a7478e7ff9a14fa65730105fbada6404ef2c376b493

File 5
  Filesize: 214KB
  MD5:    0fdd1cb1c00fc75962c582ddbc30066e
  SHA1:   49b8c9bac9033486985e4d706277f4cbc78d4cdb
  SHA256: 9ffe16f46901cb3838146771bfca0ae607440a82755ffcf2aa8fd70f18f57a5f
  SHA512: 620d589265ec60ee531fc2696bb82e3a80639ec74b509e9b33608628f04b4c1638b6e0c3538627d4876bf0b6b6d78cc3316b3c0cd542d2d33bc27e5972d839b1

File 6
  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd