hxxps://profile-linkatoaugov[.]online

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://profile-linkatoaugov.online

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446427226204046"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
492	chrome.exe
492	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
492	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe
Token: SeShutdownPrivilege	492	chrome.exe
Token: SeCreatePagefilePrivilege	492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe
492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 548	492	chrome.exe	87
PID 492 wrote to memory of 548	492	chrome.exe	87
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3496	492	chrome.exe	91
PID 492 wrote to memory of 3252	492	chrome.exe	92
PID 492 wrote to memory of 3252	492	chrome.exe	92
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93
PID 492 wrote to memory of 2840	492	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://profile-linkatoaugov.online
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd54699758,0x7ffd54699768,0x7ffd54699778
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 --field-trial-handle=1740,i,17227864587700787929,15525632651780486375,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
90774ad2b04f1134042dbe53affdbc16

SHA1
f971eabe6dd6b24616115f49573f5fcd07dc8e99

SHA256
b798815ecbaa53b5b7fb8314591ab797309d3f96e7bce4140f32249f53dfab49

SHA512
224529ef095a683e285e96d79ee9c4be360ee3232f153d1ca70a25f11750144dc008192ebb5fc48b9d666456fd6b2f829f12270a1ce256679b849a384847d9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2bffff860700eb370440ce353ed07a8d

SHA1
ee29fcaffb72c1c39388d5653c35d643649afc95

SHA256
0e410e05e21b8544f977ed9a179f694467ed1c5bb68ba7dcba4481e306a80e66

SHA512
bb7f907a5f9f180c06132e2e3f60fdd2f21a35a821d143bcf06d9b47010105c71757d56a9c6478d576b7fbabde5d2685fd7e36dd45c948952b51ec0e5acca1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9f0c665bd5bc92992ae24445d7270eb7

SHA1
1f3542a2c37b547306d6f5d8ace8f4bc9d80984e

SHA256
150e530de3412f727333d92521013d981a05d6d1660c00cf5b9ef502a3d62590

SHA512
3e8f64ca253a4869e12274e1312a57a99bf86f2c536f3f692b193127c5427d40d7844fc82e56bb1f5c148b2d7765378da81a59ce2e8dbd6afcd0a6e3f0b80ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
08be9f0fabccd08afa722bac830dfe04

SHA1
b05c38925eedbed9fc81f1bc1d3a9870d49b05a6

SHA256
a0d9e256959f5f4d81f4f2b04ab027326e67316dd8a0f0929fbda73a763c54a8

SHA512
ddb4e8ae983d4938398bc91d5db2617dcfad1c9c769e206370d4cc4f437a95d4e8b3ff88d1fce7a898c3a7ad4f9abaf3e0de74b1f93e3b6a7b1cc058c71e19e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit