hxxp://webhook[.]site

Resubmissions

01-11-2023 09:40

231101-lnkhysgf43 1

01-11-2023 09:34

231101-ljzgbage84 1

Analysis

max time kernel
301s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://webhook.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433049510498347"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe
Token: SeShutdownPrivilege	3636	chrome.exe
Token: SeCreatePagefilePrivilege	3636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 4972	3636	chrome.exe	82
PID 3636 wrote to memory of 4972	3636	chrome.exe	82
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 1780	3636	chrome.exe	88
PID 3636 wrote to memory of 2168	3636	chrome.exe	89
PID 3636 wrote to memory of 2168	3636	chrome.exe	89
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90
PID 3636 wrote to memory of 2092	3636	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://webhook.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffad5589758,0x7ffad5589768,0x7ffad5589778
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2972 --field-trial-handle=1872,i,8774204816664632575,18108196956111784167,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
59769e77328e6b1ddd7d71ecb0bbaee0

SHA1
fbdb12ceedb3cb9f0fde016730141209efe0bd8f

SHA256
60973bf3aa5f750fc1f74444df9aac08d0e0478139d07e3a2d0261ff3b37d8e9

SHA512
b0e2be963641664442e121cf204664c460e656b0adbb868b606d55590729838444d0e3456142418aecd4eb4260519d4e76f1a7fc116cb8048d8035a1437aa399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
9ef393a30a84b3cfdd3e552be7463e56

SHA1
2e59fa4a86e5897b0fd277aaa9a6eee53e988e0c

SHA256
01b28ff5591dc60c4b938f7c63426730d9c880f2dcb6632245ac522954f8314b

SHA512
ff85db4fc1366ef5debbb11d6356b4aef495a4568986c3e285b1195154058717f6b5167258983e11507bd7d717422d2c59008ca182981cd210e965aca33e393d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0bbae34fe998863d10a508664562e876

SHA1
b8b915b0e32757e386cd4b1e14f4822b31d342a3

SHA256
c69587183a209be32a579ef5b3eef0f57fdca0283f68473b85ae57ac43e8dace

SHA512
72b565e685242a1bfb6f63aad1fb3dd7e105177e3cd803301b467f3f5e1c4c3c0b29b55191e8c82c35449c08d2ba622bb7d3c13dd8f97165d77006e49d0a9598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
bfc943fe366d9f2a6731e5ea9c4b610d

SHA1
51f24def57934d91330f3ea00b9db82e51240156

SHA256
7d70b13f0ad67f7d9586ac2d26801d453b38507a480b062114c48b43946b8640

SHA512
6fca182ebaa738d456daf05a45e48176d6e8304aaba49717482b306e792eef891fdb08a616e4f3dd2369414344b65d9e9796c5d1466e8aeb608722a62a04b5a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
8e2d351cb5875a846d9430960503f28f

SHA1
14d236633b63872f43c740cd855127bfdc97a268

SHA256
670bf7b96c3ec536516cae7dca3064290ae0c1d444287e965b00ee46e5569b62

SHA512
b7a460a2273b388bacc8ed7c68b8ae4c9bcfb7e06c1a8a0bd7af31af94368b9623cd0b354c9bc924057e228a38ffcf6412fc2c30052e557f5e7885efb7d4ec0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f066de67-6a33-42b6-acbd-928debefa656.tmp

Filesize
2KB

MD5
8c83fdcc032ca7f0defdb230f7858128

SHA1
168630112021539275d1812fddba4db898413ac3

SHA256
e99e4200c6d1a436d02661080bfbea866a030679925b3219c1e1cdd72c0a326f

SHA512
e57190b7b76fad0d2dbd7eeaa5046bb204b7829994769c4ca703ce56dba76e6b51d19f61ab9550c19bf2c33797e0973741cbf1b4a85b2ff9ffd164bdf2614afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f387ed142bd2ed5384e72027119ec59

SHA1
a686f57b5f5a0198a257c705c7ef8f7b06bf8eb7

SHA256
6763507d4663e6c3235c13687d888b2ca2622269f672f0c637aa74a8f2c4b781

SHA512
2f8c6a0c9664faa0c077a0e3bb3be2fc2e51fc994692f08e8e1ceb5da87ca98402640f694ed6ff641227ad317f4a3b0b18f243ac8a60cccb135d26b86bd446ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
01923830be5e2b589491e7e9720d05dc

SHA1
884abc93af1ff67f27a3baf32bb0d59859d2b15f

SHA256
ef75b858b8c053926cf96bc107bec5527b7fe114c089e6f25ee00f0ef559dd8e

SHA512
2a10b1faad2dd1c263468438718a08abe4bb2d97f032ae7ac1489f328e1baa8e06aa16f15caccf3349e44d534e270d59032452154a209ea46159c88869ad85e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit