hxxps://ncv[.]microsoft[.]com/XInIlq1B6D

Analysis

max time kernel
1s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ncv.microsoft.com/XInIlq1B6D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 2436	3940	chrome.exe	14
PID 3940 wrote to memory of 2436	3940	chrome.exe	14

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a50e9758,0x7ff8a50e9768,0x7ff8a50e9778
1⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ncv.microsoft.com/XInIlq1B6D
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1864,i,15989557787579281077,2701575912533832576,131072 /prefetch:8
  2⤵
  PID:2832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4debf1022d60a880857527a08d4bfc4f

SHA1
a2ab79ab6b3d97f59df96574c966017ecb2160e9

SHA256
e06066ab6836fa19d2accacdb8505850f28c16f69d70260cc6c8cff96f2ea99b

SHA512
f1a27cf0f12d313e8871abe73aa55db1f00014348348066166b80708dfc241ea943b5dee23dddd4bbc9697b785fa1ac880082d0c6720327a7d3ebfcb5ab283ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
615d04dbd6b3647beebfe826431f193f

SHA1
ada6c4e0c10e5783eb4a00f379c8591edd905598

SHA256
e757735fbd80845d5646aadd454aa412d92944ba9e06e50084d075a39b2682bf

SHA512
49b0fb0fdba3fe22b140f0e158a41100b579abf776a0368e730ac4c3d1e0ebbf071773e991c0565dc114c967db3bd43c48268cb901e720de4beccce254dd6853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4cc89e2e800f25b7e1d75e658ba913be

SHA1
5f8295daa8b02bbf2aba6bb70425592497745662

SHA256
e131961b7213f55d86bd7e112fabb6892cf010701edec018d0147b52c02b62a1

SHA512
729c01bc73c37986e6277c4823b38f8a47cc579084256c39267f1e413ec279346adf8645b84663019e00cb9141c9218a9d0fbf9d4d1e094c85d989a46ed0e81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
6137ff3d609fab2b0d8755acbe0d6c16

SHA1
31588dbbcc435dc13752d98f60966f3ebba87967

SHA256
10a45dacf4669c52699231c8160b1d2c91b84ff4fa67b1c89ce9763ac3561163

SHA512
0287fc26a5c26a6e18eaaca97fb81cdc143c642928aee2148d7235e78453f774795f0e86d040ceaf44a3b55b2d8f3256022fcc31a9d5df607a9dd9eb35b4aa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
d226305ae9d47f745b75570d27da30ea

SHA1
f9b9970aaac158f51361926e3254e28ee6db48bf

SHA256
86dd159ce7aaf8bb5674c82bc625e21d4552d509d461449676f9d476ef0f1664

SHA512
28de1981571b7c40ca3a44283eb413389d954be1438909e9c6ca47578e1aedba6b8c4d79ceb783f41891f15638a7b99c0b12619f43231097177791543417f146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
9b4785f3982a44f26f0d92ca9324ba5a

SHA1
f9884290889845c5556321f43705ac20cf8a4df5

SHA256
1bcb4e9cbf023c20acabd0b87c59dbc2da63903a7f3f782ce37e44aaed76e9ba

SHA512
95a4f1229b21b307e6d246429e8cde14c8b71357da0bdf0655059311e5f13117f280acac5151b15dd0a68db641e150e3e54e665dbdc8db2a36e28526ec7b6161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
666a074327eeb220560a3cf6835f47ef

SHA1
92188958b28287455010353425905300cb806239

SHA256
2b8d835c39f26edede5f293c42a9e6a6098c0f9db487eaadf6d79ca29167e183

SHA512
ae9de49df688081c18825c8ecbe76439e38c5417854b57c274b451b366c5b2b5d4207cad398def30038a8147c6b5e1143322158bc7e85caa2e4e464ab8849f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
214ce0742b7637fbd9091fb3e305953c

SHA1
6e4bf1e612bed0a252ca31c651bda4cd1549f595

SHA256
c688c4b286c26018baa64957cefcc209208ac13fa167f5de694e2ce4056e7345

SHA512
0bd54d881b06f0ab9a1488af6302d9f2489087389b78fd2aefd136db44095a9d894d0845424af900b402ff2d6c81e7d35865a6f63970e43290aaa4f461ccadbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
343f62e0b5176f373147d293c1be5169

SHA1
6282916eb5ee40b7c5f31f022cc5c3ff6cfbb069

SHA256
0f616cf21258bbef53d9ce92e71401cab641b5348b1b27ccb0bc631f8a683f46

SHA512
182ecc196a0658270a13454ee346e504e8a4feb074535497c58f400458a7ac87db7a43426463f870ab182f3553c43220d21d17fa55b1e6e71dc60e8fd4d4fed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
fee0316beb3cc1c3fda886f95aeaa1e2

SHA1
5922e12f6cad61322db6bfc420ae13f6379ce698

SHA256
d4fe2e1ba50f58857f10e1f5efd433d56f423536b5355970068f616ab5b92eff

SHA512
b3ddf20fbcd24bfb43c69039b3765924bc877b2011a2dc6286dbb083ff751cf32fcc0ea5dea69d303ea383dc651a64fad786ebcad77dee46e0cf36a32ccfb2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit