hxxps://www[.]whatismytenantid[.]com/

Resubmissions

15/11/2023, 22:21

231115-19s5jsed46 1

15/11/2023, 22:18

231115-175qkafe6v 1

Analysis

max time kernel
54s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.whatismytenantid.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445605009136294"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 5092	4552	chrome.exe	62
PID 4552 wrote to memory of 5092	4552	chrome.exe	62
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4476	4552	chrome.exe	89
PID 4552 wrote to memory of 4744	4552	chrome.exe	90
PID 4552 wrote to memory of 4744	4552	chrome.exe	90
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91
PID 4552 wrote to memory of 3572	4552	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.whatismytenantid.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf2929758,0x7ffcf2929768,0x7ffcf2929778
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1760,i,5705685633306385410,14732295555488162170,131072 /prefetch:8
  2⤵
  PID:5104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23f200aa-b6a2-4525-bf17-aa972473a4f9.tmp

Filesize
215KB

MD5
a2228b0b88f0fd9afa16ff5c783923da

SHA1
ed6784f2379df9d8c39ae0f5d7f48a66ef10d31d

SHA256
29ad68fc6d8e0ecb2b6e82e524f18766e244caf694fbd9ab01f5a5a6a78d0c98

SHA512
ff32827ba4de9ebe6293b915723315928d3671ed7d3882c6f1f70fb071717db36c70a7efbb75e523084ce9672d6110185bcd9ea3177dadc86466163faef498e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2cacf7e92e05edcb5a04adcabc9a85ac

SHA1
31f9de7a8a156da968ac3aa3a9b9c85bb43db3b2

SHA256
6188b006e22ece0c44d1c5137d62e728fc92b9cd091b324ff7e729c5a11fb67a

SHA512
7f07f3cb1e557fd1454b5492ea925221d7520c7fec8010012555aa1e56d335775691aec706d11188dbe7c2082c885c8836cdc769df3572c5e56bcf1839a88399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
fead205f00b0cc129a79ff0ac7a5e4ca

SHA1
593146fc2d26eef4033427f7908cf8f8381cf103

SHA256
dab933a74cef149c1cf3db2e6a6a2556b3fff7e774deb2ee59789febafe95cec

SHA512
bcb159973ec979356d10892fb9e4f0e18df4e262095db670d5a44e72f6e0d12b2e170511326d2f142b2b3ee05f04d03a17bbcfa9cf5f6f91f6720a7ef98116fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6de93f784f24e091d708b029ae66f3db

SHA1
da30c81ec2b18d1564f14c36c67ad8827b51d1c7

SHA256
09d6f8f4225d359bdaa85d9a0ce4828af11495f661ace2e176642db516c030dd

SHA512
c6964c7b1b995b6a55f0cee5c4e592cf3c6c508fd2c151d236d85d52454c62341eb5db5527554edecce3283b14aec5496ff26e9a7549d8bcf550342810322eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8de5cfd8ee73afa9d4a997a509bae5b

SHA1
b012fecdc3639d95bee3a75144b77786895de699

SHA256
fcb5b15e1694d13f5f6313185defc7871cbbea74c14b840ac712cee7870ab89e

SHA512
2fd8102d21b320875f9645e2f417a32541ce3ba6fd56ba75330eb0b6c34a5a1def6f190ca9d6ea3a5b12fcfe7660dfdf68579233f16c5577a026cd9dcf8dd96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit