hxxp://primepartnersconsult[.]com

Analysis

max time kernel
300s
max time network
267s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 12:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://primepartnersconsult.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433171534550932"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 4888	3992	chrome.exe	88
PID 3992 wrote to memory of 4888	3992	chrome.exe	88
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 3724	3992	chrome.exe	91
PID 3992 wrote to memory of 4912	3992	chrome.exe	92
PID 3992 wrote to memory of 4912	3992	chrome.exe	92
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93
PID 3992 wrote to memory of 4996	3992	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://primepartnersconsult.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec0539758,0x7ffec0539768,0x7ffec0539778
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,14642031943394652183,6689499962503749548,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1eedd942-482e-476c-80d0-10013199bb99.tmp

Filesize
5KB

MD5
3dd47f0ce742996ddfdaa5047169764c

SHA1
0d748786f67a45eb11671afe3389ad595acead89

SHA256
4e0311580083dd731e3e99f95c4998e4bb05d297cc7ad47b7733e49ebc654b8c

SHA512
0511a1b2d335701460a38bd527cfa7990c8a96fafa757c7206e0b00ca4b97d9d15db8628a09a3f92e089677fd37709f0140819f2530b6d26b5ada8100e71f6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d2222cd4cad8abaa2cc36cad19627b70

SHA1
653404c83f51977462c2019753c9ffef9514622e

SHA256
f64fbafbd59411bcbc4b009b14b51841079e7a3f1ffc531cf80bab50c31c83e6

SHA512
8d8ff904b2e3571967f1f12f9e7707c010704ecf52eed9ba50043f083d04ccb87ffdc423e69c37caf43bfc4a1d4db1f85b933d2fde3d23602f867f5eecb8a1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ef6ba5c244efab5f5bee0fc723b61a0f

SHA1
99300a4b19c19711db05870374aa2859437aa380

SHA256
10fac0410e1ae2b829a1a0741373f2c1ef728d877ff035a51e3c49e62375f8ed

SHA512
f06b60bbbcae228e81bbe63869387a6213005987f3419793e21a1fed33ded288252dfac37581515d4c8e06e14009726c46c7ee4a74ca24934ad7d55647dee818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
558b67f63e33c832f6ccd052358ff2e1

SHA1
68277bd733a3a0b2696423c54648597ab8628cbf

SHA256
5023de45b294c0b2081fa80c540dbc8f31625c58a89ac60340ef73d2b45bfeac

SHA512
40d775a62031fbeb949b88a3b57c997a4bc6f2e2922e97c7ef1acc7696996818f85ce443c0f5979a08d5a632b9ad988ba7308b6b4fba9fc5750c5e9b89b02014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
11407ce53be970d8a12138d7e1acfb70

SHA1
608fe98db461e96c0c19493273ad23d4af706464

SHA256
d595d4c8575bf6afccc1caab09f7c6b68c9b7dd2c25684d9eadb5dbe61c621af

SHA512
f74922ab6e8816fb733672784164f6866be17278d71befe428e13cd004c012875a0e76666de679c240637986b9fd3b22021179864a2cebed9b90e8bcd0ef84f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5081b6dc4ce90dd5a08d3cd4265eb98f

SHA1
657ffbd1ea8b79b5c9c353bbc74cc990c8a1397e

SHA256
50fdd7772bd0c35156156505200448badcd16a8e8e4f81451ffa084ef80c4387

SHA512
53d0fb10b7b250544adb604b5af4ec42a3b95157eddd8d82cd770dbb709b75a9068bac67dba76a68b1ccd6275addaeb8b19ecedfdbb76e4f2cb9ee4f1c16dd31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b007c9c96b64614183e205bb38bdaba

SHA1
c53d0cf61483a67af7c0a417603f9938b21dd983

SHA256
666857a8035be8ab30197f47faf021bd648d9daf67c509f7788c3f03512b7dae

SHA512
2c646dba3a481d273534782050f26b40a6ced7e266528ef2143a731b1e6c7e8f74520e415e9c96b9682426569f1d5304e14b0a1a1db6c49d6bb3aec217a68202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
3f3b2104051b16bb2a4a683a17e742ee

SHA1
394aac284e82f8d7a685dd904ccfbab4a1f4c352

SHA256
ba3ef7b7b2ced98246ee0a40a65b1c331821235d274e63818cdd867bba497f00

SHA512
88d57357984aa36204b0f400ff272daff8f2e327160d058ed2ed6c1dc6e2ac60d4d5269781e887b8c2ef27d6e7f8a67ff8ad1b6602ded5bedee9eb7e6634632c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit