Analysis

max time kernel: 301s
max time network: 301s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/11/2023, 21:32

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://servicourier.com.gt
Resource: win10v2004-20231023-en

General

Target: http://servicourier.com.gt
Malware Config
Signatures

All of the signatures below fired on Chrome's browser process (PID 4488) or on its own child processes. Every WriteProcessMemory target (2268, 764, 3384, 4544) is a chrome.exe child listed in the process tree, and the only process that is not chrome.exe is Chrome's own elevation_service.exe. No malware configuration was extracted. These entries describe Chrome's multi-process start-up and say nothing on their own about the submitted URL.
Enumerates system info in registry (2 TTPs, 3 IoCs)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444711844199354" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid 4488 chrome.exe (2 entries)
pid 856 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid 4488 chrome.exe (4 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Token: SeShutdownPrivilege, pid 4488 chrome.exe (32 entries)
Token: SeCreatePagefilePrivilege, pid 4488 chrome.exe (32 entries)
(the two tokens alternate throughout the list)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid 4488 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid 4488 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target  entries
PID 4488 wrote to memory of 2268   4488  chrome.exe  88             2
PID 4488 wrote to memory of 764    4488  chrome.exe  91             38
PID 4488 wrote to memory of 3384   4488  chrome.exe  92             2
PID 4488 wrote to memory of 4544   4488  chrome.exe  93             22
Processes

PID 4488 (top level)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://servicourier.com.gt
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  PID 2268 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95fb49758,0x7ff95fb49768,0x7ff95fb49778

  PID 764 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:2

  PID 3384 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8

  PID 4544 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8

  PID 3968 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1

  PID 4124 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1

  PID 1032 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4792 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1

  PID 4564 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3912 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1

  PID 4748 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8

  PID 3724 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8

  PID 856 (child of 4488)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=888 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

PID 3016 (top level)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
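The check a practitioner wants from the WriteProcessMemory signature above is whether every target is a child the writer launched itself, or whether anything was written into a foreign process (the injection pattern). The script below, an added example that is not part of the sandbox report, parses the report's flattened IoC rows, reconciles them with the process tree, and lists which children run with a weakened sandbox. The IoC text and the (pid, depth, command line) rows are transcribed from the report and trimmed to the relevant flags; they are constructed test data, and the `SANDBOX_WEAKENERS` flag list is this example's own choice.

```python
"""Reconcile the report's WriteProcessMemory IoCs against its process tree.

Added example, not part of the sandbox report. The IoC text and the
(pid, depth, command line) rows below are transcribed from the report and
trimmed to the flags that matter; they are constructed test data.
"""
import re
from collections import Counter

# Constructed: "Suspicious use of WriteProcessMemory" rows, one per distinct
# target plus one repeat, in the report's flattened column order
# (description, pid, Process, procid_target).
WPM_IOCS = (
    "PID 4488 wrote to memory of 2268 4488 chrome.exe 88 "
    "PID 4488 wrote to memory of 2268 4488 chrome.exe 88 "
    "PID 4488 wrote to memory of 764 4488 chrome.exe 91 "
    "PID 4488 wrote to memory of 3384 4488 chrome.exe 92 "
    "PID 4488 wrote to memory of 4544 4488 chrome.exe 93"
)

# Constructed: (pid, tree depth, command line) from the Processes section.
# Depth 1 is a top-level process; long --gpu-preferences and
# --field-trial-handle values are replaced by "...".
PROCESSES = [
    (4488, 1, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
              '--disable-background-networking --single-argument http://servicourier.com.gt'),
    (2268, 2, 'chrome.exe --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    (764,  2, 'chrome.exe --type=gpu-process --gpu-preferences=... /prefetch:2'),
    (3384, 2, 'chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService '
              '--service-sandbox-type=none'),
    (4544, 2, 'chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService '
              '--service-sandbox-type=utility'),
    (3968, 2, 'chrome.exe --type=renderer --renderer-client-id=6'),
    (4748, 2, 'chrome.exe --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics '
              '--service-sandbox-type=none'),
    (3724, 2, 'chrome.exe --type=utility --utility-sub-type=chrome.mojom.UtilWin '
              '--service-sandbox-type=none'),
    (856,  2, 'chrome.exe --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (3016, 1, '"C:\\Program Files\\Google\\Chrome\\Application\\106.0.5249.119\\elevation_service.exe"'),
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Flags that turn a Chrome child's sandbox off or down (this example's list).
# Chrome itself starts its network service and some utilities this way, so a
# hit is an observation to record, not an alert on its own.
SANDBOX_WEAKENERS = ("--service-sandbox-type=none", "--disable-gpu-sandbox", "--no-sandbox")


def parse_wpm(text):
    """Count (writer_pid, target_pid, writer_image) triples in the flattened IoC text."""
    counts = Counter()
    for writer, target, pid_col, image, _procid_target in WPM_RE.findall(text):
        if writer != pid_col:  # description and pid column disagree: malformed row
            raise ValueError(f"inconsistent row: {writer} vs {pid_col}")
        counts[(int(writer), int(target), image)] += 1
    return counts


def process_type(cmdline):
    """Chrome's --type flag; the browser process itself has none."""
    m = re.search(r"--type=(\S+)", cmdline)
    if m:
        return m.group(1)
    return "browser" if "chrome.exe" in cmdline else "other"


def reconcile(wpm_counts, processes):
    """Flag writes whose target is missing from the tree or is not a child of
    the writer (the injection pattern), and list children with a weakened sandbox."""
    depth = {pid: d for pid, d, _ in processes}
    findings = {"unknown_targets": [], "writes_to_non_children": [], "weak_sandbox": []}
    for (writer, target, _image), _n in wpm_counts.items():
        if target not in depth:
            findings["unknown_targets"].append(target)
        elif depth[target] <= depth.get(writer, 0):
            findings["writes_to_non_children"].append(target)
    for pid, _d, cmd in processes:
        if any(flag in cmd for flag in SANDBOX_WEAKENERS):
            findings["weak_sandbox"].append((pid, process_type(cmd)))
    return findings


if __name__ == "__main__":
    counts = parse_wpm(WPM_IOCS)
    for (writer, target, image), n in sorted(counts.items()):
        print(f"{image} {writer} -> {target}: {n} write(s)")
    for key, value in reconcile(counts, PROCESSES).items():
        print(f"{key}: {value}")
```

On this report the script finds no unknown targets and no writes outside the writer's own children; the four weakened-sandbox children are the network service, the two `--service-sandbox-type=none` utilities and the fallback GPU process, all of which Chrome launches that way itself. A write from 4488 into a top-level process such as 3016 would be reported under `writes_to_non_children`.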
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 186KB
MD5:    740a924b01c31c08ad37fe04d22af7c5
SHA1:   34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256: f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512: da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Filesize: 648B
MD5:    d47051a728877105940d1d2928578dad
SHA1:   ccb63b24804aeb81278412712a5abb4cb0399095
SHA256: 882df94bf613a8616cbf375bc3434d751df51fadef822b7705a8d7637cec8aed
SHA512: 217f7117695ca6dbbef1eaa6fb57450eca1925b74b3c4b9287707e0ac0694e673117ae1823324a7d6aa25b7d89376fb393b7df7bfa01688e35a77bf67b67e705

Filesize: 1KB
MD5:    9d2013a36844c1d4ea63d2b13670d94c
SHA1:   ed55121f965ea950750bb8666c707102137ec053
SHA256: b200b444f695d30ff161def808e6dd52f931daed09aa40f34f7c241d2f7c73a3
SHA512: 7d78f3a327008ecf84f98dd370a7ce32698501c2e9e1d10e0ad8f203ffc7e65ea9c64548ad51ad84c97fe354eb41310be06fb4db0483f12f8b92b0e49d3461b3

Filesize: 2KB
MD5:    6e280435217aa56b2f1cbefc7b68fb45
SHA1:   cd9b896402f28c875b9ad630548241875d32b1e8
SHA256: 12bc7cfb4b108c65c23c504293ee2cad4570fb8cae88020e48fc0b77d226ccca
SHA512: c80f36f86c1f355b90aef6f2327bef26dadc4f585060e1cfadce49ec29c2222fb0ec53941ae2ab96fefbfccb1b4b308ec2a2dea0c3b690505e44cfc6a81f6efd

Filesize: 2KB
MD5:    497b85e6c23b153e26acc3f2fd4fecee
SHA1:   edb083e2e362694a88a6d0e8fa7d2c865056833e
SHA256: 1c71ac1fb3fceff320fb49cdebb946f3a28b2179680dde9020ab5775706f2771
SHA512: 641a5b15f55e33e3f3a07ba43a5221a441b59df38896449b0eff4e719b5ed76b8c59cd8dbc6cb10e555d15118d78b25d36efdedc8c823b216a6d97e8631171a0

Filesize: 539B
MD5:    215b5e05edb23b221346e4de06bbe416
SHA1:   95ce30e638c87e5d23efb4f3b0002a2ac6c52c18
SHA256: 66680ec59dca5c602de7ac656f634181ad883315bd78a7776c47ed0e786f158b
SHA512: ca83cdb4aaeb5a79c2f554870dea66ae5e64e1ed293f9169c27123ba4e2fd5e18f98606265c9e5ab35329f455aa1536245dd39ac61935bddb3104944d3b0ed22

Filesize: 5KB
MD5:    78f3c52a708daea3d9a6a644d350c17c
SHA1:   4a1ebf2f0fdf7a12eba538f5da8b42653bbdaa6f
SHA256: 2f38ecf0113236bc48abcc7b16559f88ae981cf00577545718bf664b09b32992
SHA512: 6f0dfcbc900f5ae64f32db349da6ad2919377ed329620b787b52d4381a0bba0fb9de558b6773899f4586153d051523e0d96402a2ef84530f6bbebc87d720219a

Filesize: 5KB
MD5:    cad541a63002ff2b0908c27802bbeac9
SHA1:   3002a105c01021c1f818ae3ba3edb33a8a5b1599
SHA256: 18ee94b4f43082a06ea30ec6db255c6da7549d797bb42afc0f6074804470e777
SHA512: ef0345d9090946322651058672691e007fb5dd7857d5393f3b6c4ba0f8c408d333b59e9d8614e1256a4eb7a81e28d91de776e750ca23b8f840a819e0f577c380

Filesize: 6KB
MD5:    399252d5c5ad6839ab474c23e7009b41
SHA1:   e091597fd8c7827b712060d4069c06c74b17208d
SHA256: d41bab1af326971b0be54f0228570709e2f91319adf23a2084bd7da641fdca9b
SHA512: 21996e7585653044af0335be4f1b0f98561c073158548812068b50326cfe868a6efcf7b1f25949eb9ee608107503ee9a51b1e96d7ac23f96b61cfc49b2404f59

Filesize: 109KB
MD5:    1ca0af8db2a8207626cf07fd07b6cfb9
SHA1:   080398a78e1312765850ec93315df3ba8d9853d9
SHA256: 7bab7bef7d1ea497e9dd563e58a6290ce726952c28fd2c327269908321f673b1
SHA512: e9987130333f6276fdcac43f1c8e63ca32219615f7c191dc06104e46803f4861ddedb672ef3e3b862640651419cf4e111c6fef786bd4f38f47c579c2e47833a5

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
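The Downloads section gives sizes and digests but no file names, so the only way to tell a profile housekeeping file from a real payload is to test the digests. For very small files that is cheap: the script below, an added example and not part of the sandbox report, recomputes MD5, SHA1 and SHA256 for a handful of candidate contents and reports which one the 2B entry actually is. The `REPORT_2B` row is transcribed from the report (SHA512 left out); the candidate list is this example's own.

```python
"""Identify tiny dropped files from the report's digests alone.

Added example, not part of the sandbox report. REPORT_2B is transcribed from
the Downloads section; CANDIDATES is this example's own guess list of what a
two-byte browser profile file usually contains.
"""
import hashlib

# Constructed: the 2B row from the Downloads section (SHA512 omitted).
REPORT_2B = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
}

# Candidate contents for tiny files a browser writes into its profile.
CANDIDATES = {
    "empty file": b"",
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "single newline": b"\n",
    "CRLF": b"\r\n",
}


def digests(data):
    """Size plus the three digests this example compares against the report."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def identify(entry, candidates=CANDIDATES):
    """Return the candidate whose size and every published digest match the
    entry, else None. A size match alone never counts."""
    for name, data in candidates.items():
        d = digests(data)
        if all(d[k] == entry[k] for k in entry):
            return name
    return None


def check_entry(entry, candidates=CANDIDATES):
    """Transcription check: a candidate that matches some of the entry's
    digests but not all of them means a hash was copied wrong or the report
    row mixes two files. Returns [(candidate, matching digest names)]."""
    hash_keys = [k for k in entry if k != "size"]
    partial = []
    for name, data in candidates.items():
        d = digests(data)
        hits = [k for k in hash_keys if d[k] == entry[k]]
        if 0 < len(hits) < len(hash_keys):
            partial.append((name, hits))
    return partial


if __name__ == "__main__":
    print("2B entry is:", identify(REPORT_2B))
    print("partial matches:", check_entry(REPORT_2B))
```

The 2B entry resolves to the two-byte string `{}`, an empty JSON object, which is what a freshly created Chrome profile writes for several of its JSON state files; it is not evidence of anything fetched from the submitted site. The same table-of-candidates approach does not scale to the larger entries, which need the file contents or a lookup against a hash database.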