hxxp://www[.]claimlookup[.]com/deere

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 13:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.claimlookup.com/deere

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433185920997071"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 636	1208	chrome.exe	24
PID 1208 wrote to memory of 636	1208	chrome.exe	24
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 3532	1208	chrome.exe	89
PID 1208 wrote to memory of 4768	1208	chrome.exe	88
PID 1208 wrote to memory of 4768	1208	chrome.exe	88
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90
PID 1208 wrote to memory of 1736	1208	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.claimlookup.com/deere
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99e309758,0x7ff99e309768,0x7ff99e309778
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4872 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 --field-trial-handle=1900,i,15826875420432679614,2748089003150410221,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7e73b4933da4bffa65190baa09df899b

SHA1
bec4f763dadbc50a7d9e3cea93e8454c3117f619

SHA256
1a624e6ac8fc55cf0839d33e1c4d15386a3ee58b37469ef9f72870a942a71679

SHA512
25ced9c5e702355bd04597a7fcf31fb078b786865faa8acdfbba0476fb667c8ef94165414ee9b87dfd4a4f90355cd9e01ac00c2d9c733cd64a850985daca6ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc44f6ebd4616768555a381f492a0dcc

SHA1
4769a855feb320a28aeb73ae83031162ab1e6172

SHA256
75c5ea20d7b1a0dcdc1b36cb7c8fb653d7e1fcd5ed60e446604f732eae04204b

SHA512
c24d34aca6dc9af810505b0269516a4aea756d8170db96ccb4d2cdb05179ae268e8e83f71a34cbbabd26ee06259ba36112315ea2a60447525c64c393df52dac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ea22e2ddb9c03788091db7de0ce9fde

SHA1
eb3dbc46304ae978249cd6d1d96d185aafea336c

SHA256
8b93c66f8a73be444842f7b57f2923c03960fa039329af1c804794f18e2f6075

SHA512
452e5d7a3e2fd8c27a4d087192be55c4ab1ee94aab7725129127d32da2f852943af32a5b86ca6d5f901bf3bda4d0881370cbbe93acedf061c9b769760efc0c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
350e25af3a94558d06555c4e64126256

SHA1
8698cb46168f497f1160d3eca6f4d97e672e0b21

SHA256
b6c777dc9ca241df96fffa67158aa1a4d0d7c5894aa5a6b4dabf12e75e78bdc2

SHA512
9f3afc4c91acf1e55992c307e52803cc0590627d46d666301b33ef470add0f7e7daa97b99892ff9443152a3a25348a0395603d9ae221464443519b1ddbae4c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20f5ea78993cad854ebf7a3ec00572f4

SHA1
15546228358fcf02510c9cec6b0ec8b8d3db0743

SHA256
52a1074651157dae9162622d670b426cd0246b6bb87bf8d5dbe73132b224920e

SHA512
eb920db269ce9fa954637f7f08c2cc13f2e564aa79f038d0c5216e9b39806d86a0fe9e8e1c5cf0c71ef34e2ef45c12beb67dc6e6f038702dbffeb8041b215d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acf616a5844d11fcd1f210f452ca7e0a

SHA1
05ffa6e03e77ce3c5e55bacef16181fdf724b196

SHA256
1770598933875394dc77e270012cbbe6e94ebd82bf8f6c19ec8cea41c22c8350

SHA512
46a65f2ffd1affa6cc5b72fdcda425f02c697fead758ee2851fbdbc4eaf5d52c6bdd9f76a5bf5d3788437b7541fdbe495b903b0f5f70270b5b867594233fbe92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
9a8de74eb84dacb86f631e312cdea3c5

SHA1
88b9a8a574d9fb4f3193afd639af255dce664042

SHA256
637f9cbca5bafa64f51ccc0ec72df3f295d05ef4fda47ffda12d1df4a4ab8b69

SHA512
9822a702906237969e0444020a3c1353407064299d64f0bb2c4b081e676800180011e6f4689895271809442f432309922f4880d64073548fd5a3d0d433f7f7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit