hxxps://sites[.]google[.]com/saint-paul[.]org/asfadfafdasj/home

Analysis

max time kernel
119s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/saint-paul.org/asfadfafdasj/home

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443725427536751"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
856	chrome.exe
856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe
Token: SeShutdownPrivilege	856	chrome.exe
Token: SeCreatePagefilePrivilege	856	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe
856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1568	856	chrome.exe	85
PID 856 wrote to memory of 1568	856	chrome.exe	85
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3532	856	chrome.exe	88
PID 856 wrote to memory of 3488	856	chrome.exe	87
PID 856 wrote to memory of 3488	856	chrome.exe	87
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89
PID 856 wrote to memory of 2036	856	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sites.google.com/saint-paul.org/asfadfafdasj/home
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffd15ce9758,0x7ffd15ce9768,0x7ffd15ce9778
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4700 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1764,i,18282183970042168461,245894696042797878,131072 /prefetch:8
  2⤵
  PID:3832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\87c89c22-4b20-421b-b03e-34f9d6696ecd.tmp

Filesize
109KB

MD5
252c01f71a18f1c91c63098a2f137a27

SHA1
c717a4566b4536fd6444ac1245de4776bb83bedc

SHA256
39e29f87395c56d0436b94617135e259b43abee251084d966a6076bd769406b7

SHA512
757f6322dedc453c89127a68c85d7a12aac81bc46c58fa93dd4ffcd0d04d877df563975aba505a7e07f39b4eabc4477704123dd6ed13ca7af92d8c263f2c697f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
20KB

MD5
2ca43a7e9a4071b6e42b798ed3a51bde

SHA1
95ba7cef2ce26e2eec3a9ab173ce12c24dbcee6d

SHA256
60a2f2a39b716c74549a23808c34ef61559cc14b880b008b6423bf3a757a2891

SHA512
d558485bf4f78c81ee8eaa7e9b7b986795f3a567942eb3ef9514f3073747441d3dc9c71304d9a5cce3bd05142165931058cbaf579db057fef523f07e9298495e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e333b908bc486787146dc03a35a1bb03

SHA1
871678deea1e2202ee31100edff4263e5c3bed4b

SHA256
77b6ba5c9e4322c07464f2555ea9ff7c5250ca5258bb2a5f9f5ac7460b8f0f3e

SHA512
1cea32a9150a99de372d906705b77699b7eac674ada972bac9c953dd30bf7e31ad8ea3a3a71d7bd2b53d84b2c797040cd0dea4b7cfdcbc64c3ceccc15fc85643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
19ee7427183f2422912f835e80de7572

SHA1
7c927f9e1ae20a561d527615278569bc4538417c

SHA256
c9d540cb3675f17f025d3bcfbc220cbe014fa5be161d7b731f24bca69af6b134

SHA512
7bd82d055bb11313db3912ee35289d1f11b325c9ae936ec1b6a22a3b06765cb5f93ce0ae4dc66751a5f1f04aaf2c9b9b9a39ad38c0761362ed5bad2314560598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
2a4c327bb1bc866054a036dcbf99ba1e

SHA1
920ceaa27adbfbe29dea8bec3b72bb91e568632d

SHA256
761adaf0eba992c4a3424e064711fd3ffea16cfd5738bd3ded54a37ddd72c01c

SHA512
fa48d21ac1ea6c9ba74cbe093f69414a0ed2b1b89bc2d8baf88eb79a3f9f759f1f4463cfa5d3baf742162f368c9a6ff9fbac66ce9fc28b8fd81fb003088410f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
def0944f9bddfdf00a218f8dd810202a

SHA1
5f0668f5e3be016744f80bc8e2db0e85954be6b8

SHA256
3273024ee4cf0f3596fc426101441c92486865fabaf992b7be0d6b16806b7cc0

SHA512
05cf243b044ca973f1d629d4019878a68c051384ab2501e206e1e0d48e32a85c806dedaf4bf2e4161853327ad7a1e2c560f47978084c6146daddbd49d7d284f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48e0043b0b08947828ad1740f00869b7

SHA1
5315d6c41b60b53cd805b035ee68e48fa7e77ff8

SHA256
b168ad9699ec69abe1cfbc98c838b4d4550ea3bcb79dc6f063f96f192247b443

SHA512
40d2bc73b46022af5019f97f02603ddff2f8dcf2141e982861eff25d6e0377e009832dc8630fecc2ddd085dd84807c21e397c1d22c56598ba9b332ffb9996b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
69c4849f30818bf31d6f1bfce10f0f93

SHA1
18bb3b686a4a0722c62a1ab4420b3839fc34efd8

SHA256
c11e1cd3fc18ed35ace900a0b64cf090a6a152eaf4bcb35f89f308c9a9a49d53

SHA512
bcd4ac84b243ccc0fa4acff6981c6ded3b3c8d440eb659e0ead426a0f397cd4b4abb5917893fa3ab57ec58f7ed2dafa6e72f5489b50be919f4d0585a63ca9bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b3950917-07cd-4d66-bfa3-9d7e61a5fc19.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit