hxxps://webtrck[.]pl

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2023 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://webtrck.pl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437803308711552"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
844	chrome.exe
844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3716	3012	chrome.exe	35
PID 3012 wrote to memory of 3716	3012	chrome.exe	35
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 468	3012	chrome.exe	88
PID 3012 wrote to memory of 2264	3012	chrome.exe	89
PID 3012 wrote to memory of 2264	3012	chrome.exe	89
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90
PID 3012 wrote to memory of 3700	3012	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://webtrck.pl
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf2799758,0x7ffdf2799768,0x7ffdf2799778
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:2
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 --field-trial-handle=1868,i,15800610990127240161,9809122286253160208,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\53be591f-d87a-4090-911a-96b71638794e.tmp

Filesize
109KB

MD5
a4173570b888586b1b8c37ea4ad1fcb3

SHA1
e7af4601e17a34a2d96ddb599ae8ecd3fe152a24

SHA256
bc1f6c6bc474faa710291408c201fed43c57ec42e8b0bde5d570ea89a16ee59e

SHA512
12d7cff44ffb5e5dcc661692ef18e42a1d5c628a0c963f3f566ec811951dd6ef9a5c916d41f67a92be762571741f99d9d2c2bb75992545db30c35e6c5a1a1860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5c69c509246b84b09510d8fde8375e22

SHA1
c73721897b2354f1c714e58796f207edeaf009b5

SHA256
f89d7b4ff66a70516c15c381d692404a0ab62b6b60245065b47b8d08bad7ad46

SHA512
d60bf5df1d3bb9a7f6d798e90c7b3b770a0abe6c188ed022264aab8bc1c9f04c7ac35d322f808ff7eb07789785d34b287999b7ba6198fe19a9b2c3e109f0bd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dba4ac1634a97fc37970692730055233

SHA1
e9a15371bf08b545fb0c84bfd473c31fad2046b3

SHA256
15633deca25b0ec23acf83702a0b6b0baea920229c43b33dd7dc638c16e42b14

SHA512
52ccbfcb6dc367e5674339491320fc5127b2b0d5365c442d890c240976e8a5d432c87521a84c68759a8e8853d6b7997180ce6c9b897e825ecca99da47b7020be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
20d4b927ee5dcb168eb55bb705e59e5a

SHA1
6dfd3431058c8e4d72c3f44df5bb72e3bb9bed68

SHA256
083a3d76a66d0830bee1903c374d0b787b19f571e09de623fb0969e83bae1dc1

SHA512
c2596ab18c75a877077aa9b0b68584ab85024941083a8fdfbed7602071c377d4e5b62bd0563ab57c040b477e17721639eca583988bf7953dc1637e5f802a1439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4e50d7b64b9a1b7a447905f6af1795f

SHA1
d7c4e975b7d00a891cbba2d0385a9a14feb0f495

SHA256
abf86120b72f25ee25388b688fdde351b7a9ede28671bb1ae34b9e16e494e02a

SHA512
b70d71db41cde0559beeeb48fbd51b906e72b69f5ca0160b82e206b58c376d5ba539e98363ab7532261af1828471f7f06c31e9f8c61d4bcd00b8b57d28b06943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit